Skip to Content

Separation from Primary Site CP-6(1)

676  Matthew Burdick September 29, 2022  Contingency Planning (CP)

Overview:
The organization identifies an alternate storage site that is separated from the primary storage site to reduce susceptibility to the same threats.


Supplemental Guidance:
Threats that affect alternate storage sites are typically defined in organizational assessments of risk and include, for example, natural disasters, structural failures, hostile cyber attacks, and errors of omission/commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate storage sites based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites is less relevant.


Related control: RA-3.


Action Items:
1) Establish a an alternate storage site for backups and ensure it is secured and sufficiently separated from the primary storage site

 

Related Documents:
1) Contingency Plan Policy

2) Business Continuity Plans

3) Disaster Recovery Plan


Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
none


Moderate Additional FedRAMP Requirements and Guidance
none
Not Rated
Secure Code