Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization identifies potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.
NIST 800-53 (r4) Supplemental Guidance:
Area-wide disruptions refer to those types of disruptions that are broad in geographic scope (e.g., hurricane, regional power outage) with such determinations made by organizations based on organizational assessments of risk. Explicit mitigation actions include, for example: (i) duplicating backup information at other alternate storage sites if access problems occur at originally designated alternate sites; or (ii) planning for physical access to retrieve backup information if electronic accessibility to the alternate site is disrupted. Related control: RA-3.
NIST 800-53 (r5) Discussion:
Area-wide disruptions refer to those types of disruptions that are broad in geographic scope with such determinations made by organizations based on organizational assessments of risk. Explicit mitigation actions include duplicating backup information at other alternate storage sites if access problems occur at originally designated alternate sites or planning for physical access to retrieve backup information if electronic accessibility to the alternate site is disrupted.
38North Guidance:
Meets Minimum Requirement:
Determine if there are any accessibility issues with the alternate storage site and once an alternate storage site is designated, the organization must identify potential accessibility problems to the alternate site in the event of an area-wide disruption or disaster and outline explicit mitigation actions (e.g., replicating backup data to other alternate storage sites, etc.).
Best Practice:
TBD.
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Alternate storage site agreements.
CP document that identifies an alternate storage site which is geographically separate from primary storage site.
Mitigation actions/processes for accessibility problems to alternate storage site, including annual reviews and approvals.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD
Page updated
Report abuse