
CP-8 Telecommunications Services

Moderate
High

>Control Description

Establish alternate telecommunications services, including necessary agreements to permit the resumption of organization-defined system operations for essential mission and business functions within organization-defined time period when the primary telecommunications capabilities are unavailable at either the primary or alternate processing or storage sites.

>FedRAMP Baseline Requirements

Additional Requirements and Guidance

CP-8 Requirement: The service provider defines a time period consistent with the recovery time objectives and business impact analysis.

>Discussion

Telecommunications services (for data and voice) for primary and alternate processing and storage sites are in scope for CP-8. Alternate telecommunications services reflect the continuity requirements in contingency plans to maintain essential mission and business functions despite the loss of primary telecommunications services. Organizations may specify different time periods for primary or alternate sites.

Alternate telecommunications services include additional organizational or commercial ground-based circuits or lines, network-based approaches to telecommunications, or the use of satellites. Organizations consider factors such as availability, quality of service, and access when entering into alternate telecommunications agreements.

>Cross-Framework Mappings

>Programmatic Queries

Beta

Related Services

Direct Connect
VPN
Transit Gateway

CLI Commands

List Direct Connect connections:
aws directconnect describe-connections --query 'connections[*].{Id:connectionId,Name:connectionName,State:connectionState,Bandwidth:bandwidth}'

Check VPN redundancy:
aws ec2 describe-vpn-connections --query 'VpnConnections[*].{Id:VpnConnectionId,State:State,Tunnels:VgwTelemetry[*].Status}'

List Transit Gateway route tables:
aws ec2 describe-transit-gateway-route-tables

Check NAT Gateway redundancy:
aws ec2 describe-nat-gateways --query 'NatGateways[*].{Id:NatGatewayId,State:State,SubnetId:SubnetId}'
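
The following is an added example, not part of the original page or of any AWS tooling: it turns the unfiltered JSON from the Direct Connect and VPN commands above into CP-8 evidence findings. The sample IDs and locations are constructed, and the pass criteria (two tunnels UP per VPN connection, at least two usable paths in total) are assumptions to replace with the values in your contingency plan.

```python
import json

# Constructed sample data shaped like the unfiltered output of
# `aws directconnect describe-connections` and `aws ec2 describe-vpn-connections`.
SAMPLE_DX = json.loads("""{"connections": [
  {"connectionId": "dxcon-example1", "connectionState": "available", "location": "LOC-A"}
]}""")
SAMPLE_VPN = json.loads("""{"VpnConnections": [
  {"VpnConnectionId": "vpn-example1", "State": "available",
   "VgwTelemetry": [{"Status": "UP"}, {"Status": "DOWN"}]},
  {"VpnConnectionId": "vpn-example2", "State": "available",
   "VgwTelemetry": [{"Status": "UP"}, {"Status": "UP"}]},
  {"VpnConnectionId": "vpn-example3", "State": "deleted", "VgwTelemetry": []}
]}""")


def vpn_tunnel_findings(vpn_doc):
    """Flag live VPN connections that do not have both tunnels UP."""
    findings = []
    for vpn in vpn_doc.get("VpnConnections", []):
        if vpn.get("State") != "available":
            continue  # deleted or pending connections are not usable paths
        up = sum(1 for t in vpn.get("VgwTelemetry", []) if t.get("Status") == "UP")
        if up < 2:
            findings.append((vpn["VpnConnectionId"], f"{up} tunnel(s) UP, expected 2"))
    return findings


def alternate_path_summary(dx_doc, vpn_doc):
    """List usable paths per service. Assumption: fewer than two in total is a gap."""
    dx = [c["connectionId"] for c in dx_doc.get("connections", [])
          if c.get("connectionState") == "available"]
    vpn = [v["VpnConnectionId"] for v in vpn_doc.get("VpnConnections", [])
           if v.get("State") == "available"
           and any(t.get("Status") == "UP" for t in v.get("VgwTelemetry", []))]
    return {"direct_connect": dx, "vpn": vpn,
            "has_alternate": len(dx) + len(vpn) >= 2}


if __name__ == "__main__":
    for vpn_id, reason in vpn_tunnel_findings(SAMPLE_VPN):
        print(f"FINDING {vpn_id}: {reason}")
    print(alternate_path_summary(SAMPLE_DX, SAMPLE_VPN))
```

A path count alone does not show that the paths are independent; carrier, location and physical route diversity still need to be confirmed against the telecommunications agreements.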

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of CP-8 (Telecommunications Services)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring CP-8?
  • How frequently is the CP-8 policy reviewed and updated, and what triggers policy changes?
  • What governance structure ensures CP-8 requirements are consistently applied across all systems?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce CP-8 requirements.
  • What automated tools, systems, or technologies are deployed to implement CP-8?
  • How is CP-8 integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce CP-8 requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of CP-8?
  • What audit logs, records, reports, or monitoring data validate CP-8 compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of CP-8 effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate CP-8 compliance?
