>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

CP-6(1)Alternate Storage Site | Separation from Primary Site

IL4 Mod
IL4 High
IL5
IL6

>Control Description

Identify an alternate storage site that is sufficiently separated from the primary storage site to reduce susceptibility to the same threats.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Threats that affect alternate storage sites are defined in organizational risk assessments and include natural disasters, structural failures, hostile attacks, and errors of omission or commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate storage sites based on the types of threats that are of concern. For threats such as hostile attacks, the degree of separation between sites is less relevant.

>Programmatic Queries

Beta

Related Services

Amazon S3 Cross-Region Replication
AWS DataSync
Amazon EBS

CLI Commands

Enable cross-region replication for S3 bucket
aws s3api put-bucket-replication --bucket primary-bucket --replication-configuration file://replication.json
Create S3 bucket in alternate region
aws s3api create-bucket --bucket alternate-storage-cp-6-1 --region us-west-2 --create-bucket-configuration LocationConstraint=us-west-2
List replication status for objects
aws s3api head-bucket --bucket primary-bucket --query 'ReplicationConfiguration'
Create EBS snapshot for alternate storage
aws ec2 create-snapshot --volume-id vol-123456 --description cp-6-1-alternate-storage
Open AWS ConsoleDocumentation

>Related Controls

RA-3

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of CP-6(1) (Separation From Primary Site)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring CP-6(1)?
  • How frequently is the CP-6(1) policy reviewed and updated, and what triggers policy changes?
  • What governance structure ensures CP-6(1) requirements are consistently applied across all systems?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce CP-6(1) requirements.
  • What automated tools, systems, or technologies are deployed to implement CP-6(1)?
  • How is CP-6(1) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce CP-6(1) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of CP-6(1)?
  • What audit logs, records, reports, or monitoring data validate CP-6(1) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of CP-6(1) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate CP-6(1) compliance?

Ask AI

Configure your API key to use AI features.