|CP-7 (1) Separation From Primary Site ||MODERATE |
Threats that affect alternate processing sites are typically defined in organizational assessments of risk and include, for example, natural disasters, structural failures, hostile cyber attacks, and errors of omission/commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate processing sites based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites is less relevant.
The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats.
|CP-7 (2) Accessibility ||MODERATE |
Area-wide disruptions refer to those types of disruptions that are broad in geographic scope (e.g., hurricane, regional power outage) with such determinations made by organizations based on organizational assessments of risk.
The organization identifies potential accessibility problems to the alternate processing site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.
|CP-7 (3) Priority Of Service ||MODERATE |
Priority-of-service agreements refer to negotiated agreements with service providers that ensure that organizations receive priority treatment consistent with their availability requirements and the availability of information resources at the alternate processing site.
The organization develops alternate processing site agreements that contain priority-of-service provisions in accordance with organizational availability requirements (including recovery time objectives).
|CP-7 (4) Preparation For Use ||HIGH |
Site preparation includes, for example, establishing configuration settings for information system components at the alternate processing site consistent with the requirements for such settings at the primary site and ensuring that essential supplies and other logistical considerations are in place.
The organization prepares the alternate processing site so that the site is ready to be used as the operational site supporting essential missions and business functions.
|CP-7 (5) Equivalent Information Security Safeguards || |
Withdrawn: Incorporated into CP-7.
|CP-7 (6) Inability To Return To Primary Site || |
The organization plans and prepares for circumstances that preclude returning to the primary processing site.