Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization develops alternate processing site agreements that contain priority-of-service provisions in accordance with organizational availability requirements (including recovery time objectives).
NIST 800-53 (r4) Supplemental Guidance:
Priority-of-service agreements refer to negotiated agreements with service providers that ensure that organizations receive priority treatment consistent with their availability requirements and the availability of information resources at the alternate processing site.
NIST 800-53 (r5) Discussion:
Priority of service agreements refer to negotiated agreements with service providers that ensure that organizations receive priority treatment consistent with their availability requirements and the availability of information resources for logical alternate processing and/or at the physical alternate processing site. Organizations establish recovery time objectives as part of contingency planning.
38North Guidance:
Meets Minimum Requirement:
The Organization must ensure that alternate processing site agreements contain priority-of-service provisions in accordance with customer availability and RTO requirements.
Best Practice:
TBD.
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Alternate processing site agreements that include RTOs agreed upon with the customer in an SLA.
CP document that identifies an alternate processing site which is geographically separate from primary processing site and includes the Priority of Service; Recovery Priority; Restart Order; recovery systems and environment are sufficient to acceptably run the IT asset(s); recovery targets of all covered IT Assets verified.
A Test Report, after action reports or lessons learned demonstrating that these functions have been tested to ensure continuity.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD
Page updated
Report abuse