>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

CP-7(1)Alternate Processing Site

PBMM (P3)
Secret (P3)
Operational

>Control Description

ALTERNATE PROCESSING SITE | SEPARATION FROM PRIMARY SITE The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats.

>Supplemental Guidance

Threats that affect alternate processing sites are typically defined in organizational assessments of risk and include, for example, natural disasters, structural failures, hostile cyber-attacks, and errors of omission/commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate processing sites based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber-attack), the degree of separation between sites is less relevant.

Related control: RA-3.

Ask AI

Configure your API key to use AI features.