>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

CP-8 (01)Telecommunications Services | Priority of Service Provisions

Moderate
High

>Control Description

(a) Develop primary and alternate telecommunications service agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives); and (b) Request Telecommunications Service Priority for all telecommunications services used for national security emergency preparedness if the primary and/or alternate telecommunications services are provided by a common carrier.

>FedRAMP Baseline Requirements

No FedRAMP-specific parameter values or requirements for this baseline.

>Discussion

Organizations consider the potential mission or business impact in situations where telecommunications service providers are servicing other organizations with similar priority of service provisions. Telecommunications Service Priority (TSP) is a Federal Communications Commission (FCC) program that directs telecommunications service providers (e.g., wireline and wireless phone companies) to give preferential treatment to users enrolled in the program when they need to add new lines or have their lines restored following a disruption of service, regardless of the cause. The FCC sets the rules and policies for the TSP program, and the Department of Homeland Security manages the TSP program.

The TSP program is always in effect and not contingent on a major disaster or attack taking place. Federal sponsorship is required to enroll in the TSP program.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of CP-8(1) (Priority Of Service Provisions)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring CP-8(1)?
  • How frequently is the CP-8(1) policy reviewed and updated, and what triggers policy changes?
  • What governance structure ensures CP-8(1) requirements are consistently applied across all systems?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce CP-8(1) requirements.
  • What automated tools, systems, or technologies are deployed to implement CP-8(1)?
  • How is CP-8(1) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce CP-8(1) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of CP-8(1)?
  • What audit logs, records, reports, or monitoring data validate CP-8(1) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of CP-8(1) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate CP-8(1) compliance?

Ask AI

Configure your API key to use AI features.