CP-6: Alternate Storage Site

Control Family: Contingency Planning

Control Statement

  1. Establish an alternate storage site, including necessary agreements to permit the storage and retrieval of system backup information; and
  2. Ensure that the alternate storage site provides controls equivalent to that of the primary site.

Supplemental Guidance

Alternate storage sites are geographically distinct from primary storage sites and maintain duplicate copies of information and data if the primary storage site is not available. Similarly, alternate processing sites provide processing capability if the primary processing site is not available. Geographically distributed architectures that support contingency requirements may be considered alternate storage sites. Items covered by alternate storage site agreements include environmental conditions at the alternate sites, access rules for systems and facilities, physical and environmental protection requirements, and coordination of delivery and retrieval of backup media. Alternate storage sites reflect the requirements in contingency plans so that organizations can maintain essential mission and business functions despite compromise, failure, or disruption in organizational systems.

Control Enhancements

CP-6(1): Separation from Primary Site

Baseline(s):

  • Moderate
  • High

Identify an alternate storage site that is sufficiently separated from the primary storage site to reduce susceptibility to the same threats.

CP-6(3): Accessibility

Baseline(s):

  • Moderate
  • High

Identify potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outline explicit mitigation actions.