Skip to Content

Separate Storage for Critical Information CP-9(3)

687  Matthew Burdick September 29, 2022  Contingency Planning (CP)

Overview:
The organization stores backup copies of [Assignment: organization-defined critical information system software and other security-related information] in a separate facility or in a fire-rated container that is not collocated with the operational system.


Supplemental Guidance:
Critical information system software includes, for example, operating systems, cryptographic key management systems, and intrusion detection/prevention systems. Security-related information includes, for example, organizational inventories of hardware, software, and firmware components. Alternate storage sites typically serve as separate storage facilities for organizations.


Related controls: CM-2, CM-8.


Action Items:
1) Store backup information in a separate secure location from the operational system

 

Related Documents:
1) Contingency Plan Policy

2) Business Continuity Plans

3) Disaster Recovery Plan


Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
none


Moderate Additional FedRAMP Requirements and Guidance
none
Not Rated
Secure Code