This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization establishes alternate telecommunications services including necessary agreements to permit the resumption of [Assignment: organization-defined information system operations] for essential missions and business functions within [Assignment: organization-defined time period] when the primary telecommunications capabilities are unavailable at either the primary or alternate processing or storage sites.
CP-8 Additional FedRAMP Requirements and Guidance: The service provider defines a time period consistent with the recovery time objectives and business impact analysis.
NIST 800-53 (r4) Supplemental Guidance:
This control applies to telecommunications services (data and voice) for primary and alternate processing and storage sites. Alternate telecommunications services reflect the continuity requirements in contingency plans to maintain essential missions/business functions despite the loss of primary telecommunications services. Organizations may specify different time periods for primary/alternate sites. Alternate telecommunications services include, for example, additional organizational or commercial ground-based circuits/lines or satellites in lieu of ground-based communications. Organizations consider factors such as availability, quality of service, and access when entering into alternate telecommunications agreements. Related controls: CP-2, CP-6, CP-7.
References: NIST Special Publication 800-34; National Communications Systems Directive 3-10; Web: http://www.dhs.gov/telecommunications-service-priority-tsp.
NIST 800-53 (r5) Discussion:
Telecommunications services (for data and voice) for primary and alternate processing and storage sites are in scope for CP-8. Alternate telecommunications services reflect the continuity requirements in contingency plans to maintain essential mission and business functions despite the loss of primary telecommunications services. Organizations may specify different time periods for primary or alternate sites. Alternate telecommunications services include additional organizational or commercial ground-based circuits or lines, network-based approaches to telecommunications, or the use of satellites. Organizations consider factors such as availability, quality of service, and access when entering into alternate telecommunications agreements.
38North Guidance:
Meets Minimum Requirement:
All telecommunication services are provided and managed by the Organization. This control may be inherited from an IaaS provider if the CSO resides fully within a Cloud IaaS provider, such as AWS, Azure, Google Cloud Platform, Oracle Cloud Infrastructure, etc.
Best Practice:
TBD.
Unofficial FedRAMP Guidance:
The CSP must define a time period consistent with the RTOs and BIA.
Assessment Evidence:
Evidence of alternate Telecommunication service(s) in BCDR Plans.
Contingency Planning Policy.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD