Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization tests the contingency plan at the alternate processing site:
(a) To familiarize contingency personnel with the facility and available resources; and
(b) To evaluate the capabilities of the alternate processing site to support contingency operations.
NIST 800-53 (r4) Supplemental Guidance:
Related control: CP-7.
NIST 800-53 (r5) Discussion:
Conditions at the alternate processing site may be significantly different than the conditions at the primary site. Having the opportunity to visit the alternate site and experience the actual capabilities available at the site can provide valuable information on potential vulnerabilities that could affect essential organizational mission and business functions. The on-site visit can also provide an opportunity to refine the contingency plan to address the vulnerabilities discovered during testing.
38North Guidance:
Meets Minimum Requirement:
An alternate processing site is identified by the organization.
The organization conducts tests at the alternate processing site to ensure recovery timeframes and metrics can be met to determine if the resources at the alternate processing site are sufficient during CP/recovery activities.
Best Practice:
TBD.
Unofficial FedRAMP Guidance: None.
Assessment Evidence:
Documentation demonstrating prior CP test conducted at the alternate processing site.
Evidence evaluating the alternate processing site.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD
Page updated
Report abuse