Overview:
The organization identifies an alternate storage site that is separated from the primary storage site to reduce susceptibility to the same threats.
Supplemental Guidance:
Threats that affect alternate storage sites are typically defined in organizational assessments of risk and include, for example, natural disasters, structural failures, hostile cyber attacks, and errors of omission/commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate storage sites based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites is less relevant.
Related control: RA-3.
Action Items:
1) Establish a an alternate storage site for backups and ensure it is secured and sufficiently separated from the primary storage site
Related Documents:
1) Contingency Plan Policy
2) Business Continuity Plans
3) Disaster Recovery Plan
Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
none
Moderate Additional FedRAMP Requirements and Guidance
none
Article ID: 676
Created: September 29, 2022
Last Updated: September 29, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/separation-from-primary-site-cp-6-1-676.html