UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

CP-13 ALTERNATIVE SECURITY MECHANISMS


Overview

Number Title Impact Priority Subject Area
CP-13 Alternative Security Mechanisms P0 Contingency Planning

Instructions
The organization employs Assignment: organization-defined alternative or supplemental security mechanisms for satisfying Assignment: organization-defined security functions when the primary means of implementing the security function is unavailable or compromised.
Guidance
This control supports information system resiliency and contingency planning/continuity of operations. To ensure mission/business continuity, organizations can implement alternative or supplemental security mechanisms. These mechanisms may be less effective than the primary mechanisms (e.g., not as easy to use, not as scalable, or not as secure). However, having the capability to readily employ these alternative/supplemental mechanisms enhances overall mission/business continuity that might otherwise be adversely impacted if organizational operations had to be curtailed until the primary means of implementing the functions was restored. Given the cost and level of effort required to provide such alternative capabilities, this control would typically be applied only to critical security capabilities provided by information systems, system components, or information system services. For example, an organization may issue to senior executives and system administrators one-time pads in case multifactor tokens, the organization�s standard means for secure remote authentication, is compromised.

Enhancements