CP-6: Alternate Storage Site

Control Family: Contingency Planning

Control Statement

The organization:

  1. Establishes an alternate storage site including necessary agreements to permit the storage and retrieval of information system backup information; and
  2. Ensures that the alternate storage site provides information security safeguards equivalent to that of the primary site.

Supplemental Guidance

Alternate storage sites are sites that are geographically distinct from primary storage sites. An alternate storage site maintains duplicate copies of information and data in the event that the primary storage site is not available. Items covered by alternate storage site agreements include, for example, environmental conditions at alternate sites, access rules, physical and environmental protection requirements, and coordination of delivery/retrieval of backup media. Alternate storage sites reflect the requirements in contingency plans so that organizations can maintain essential missions/business functions despite disruption, compromise, or failure in organizational information systems.

Control Enhancements

CP-6(1): Separation From Primary Site

Baseline(s):

  • Moderate
  • High

The organization identifies an alternate storage site that is separated from the primary storage site to reduce susceptibility to the same threats.

CP-6(2): Recovery Time / Point Objectives

Baseline(s):

  • High

The organization configures the alternate storage site to facilitate recovery operations in accordance with recovery time and recovery point objectives.

CP-6(3): Accessibility

Baseline(s):

  • Moderate
  • High

The organization identifies potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.