Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization identifies potential accessibility problems to the alternate processing site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.
NIST 800-53 (r4) Supplemental Guidance:
Area-wide disruptions refer to those types of disruptions that are broad in geographic scope (e.g., hurricane, regional power outage) with such determinations made by organizations based on organizational assessments of risk. Related control: RA-3.
NIST 800-53 (r5) Discussion:
Area-wide disruptions refer to those types of disruptions that are broad in geographic scope with such determinations made by organizations based on organizational assessments of risk.
38North Guidance:
Meets Minimum Requirement:
Determine if there are any accessibility issues with the alternate processing site and once an alternate processing site is designated, the organization must identify potential accessibility problems to the alternate site in the event of an area-wide disruption or disaster and outline explicit mitigation actions (e.g., replicating backup data to other alternate sites, etc.). Ensure the alternate processing site location is not susceptible to the same hazards (at the same time; meaning, that whatever disruption or disaster is occurring, it is not impacting both the primary and alternate processing site simultaneously (e.g., power outage, storms, etc.) as the primary processing site.
Best Practice:
TBD.
Unofficial FedRAMP Guidance: None.
Assessment Evidence:
Alternate processing site agreements.
CP document that identifies an alternate processing site which is geographically separate from primary processing site.
Mitigation actions/processes for accessibility problems to alternate processing site, including annual reviews and approvals.
CSP Implementation Tips:
Amazon Web Services (AWS):
Microsoft Azure:
Google Cloud Platform:
Page updated
Report abuse