| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
CP-6(3) |
FedRAMP_High_R4_CP-6(3) |
FedRAMP High CP-6 (3) |
Contingency Planning |
Accessibility |
Shared |
n/a |
The organization identifies potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.
Supplemental Guidance: Area-wide disruptions refer to those types of disruptions that are broad in geographic scope (e.g., hurricane, regional power outage) with such determinations made by organizations based on organizational assessments of risk. Explicit mitigation actions include, for example: (i) duplicating backup information at other alternate storage sites if access problems occur at originally designated alternate sites; or (ii) planning for physical access to retrieve backup information if electronic accessibility to the alternate site is disrupted. Related control: RA-3. |
link |
1 |
| FedRAMP_Moderate_R4 |
CP-6(3) |
FedRAMP_Moderate_R4_CP-6(3) |
FedRAMP Moderate CP-6 (3) |
Contingency Planning |
Accessibility |
Shared |
n/a |
The organization identifies potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.
Supplemental Guidance: Area-wide disruptions refer to those types of disruptions that are broad in geographic scope (e.g., hurricane, regional power outage) with such determinations made by organizations based on organizational assessments of risk. Explicit mitigation actions include, for example: (i) duplicating backup information at other alternate storage sites if access problems occur at originally designated alternate sites; or (ii) planning for physical access to retrieve backup information if electronic accessibility to the alternate site is disrupted. Related control: RA-3. |
link |
1 |
| hipaa |
1464.09e2Organizational.5-09.e |
hipaa-1464.09e2Organizational.5-09.e |
1464.09e2Organizational.5-09.e |
14 Third Party Assurance |
1464.09e2Organizational.5-09.e 09.02 Control Third Party Service Delivery |
Shared |
n/a |
The organization restricts the location of facilities that process, transmit or store covered information (e.g., to those located in the United States), as needed, based on its legal, regulatory, contractual and other security and privacy-related obligations. |
|
5 |
| hipaa |
1622.09l2Organizational.23-09.l |
hipaa-1622.09l2Organizational.23-09.l |
1622.09l2Organizational.23-09.l |
16 Business Continuity & Disaster Recovery |
1622.09l2Organizational.23-09.l 09.05 Information Back-Up |
Shared |
n/a |
The integrity and security of the backup copies are maintained to ensure future availability, and any potential accessibility problems with the backup copies are identified and mitigated in the event of an area-wide disaster. |
|
4 |
| ISO27001-2013 |
A.11.1.4 |
ISO27001-2013_A.11.1.4 |
ISO 27001:2013 A.11.1.4 |
Physical And Environmental Security |
Protecting against external and environmental threats |
Shared |
n/a |
Physical protection against natural disasters, malicious attack or accidents shall be designed and applied. |
link |
9 |
| ISO27001-2013 |
A.17.1.2 |
ISO27001-2013_A.17.1.2 |
ISO 27001:2013 A.17.1.2 |
Information Security Aspects Of Business Continuity Management |
Implementing information security continuity |
Shared |
n/a |
The organization shall establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation. |
link |
18 |
| ISO27001-2013 |
A.17.2.1 |
ISO27001-2013_A.17.2.1 |
ISO 27001:2013 A.17.2.1 |
Information Security Aspects Of Business Continuity Management |
Availability of information processing facilities |
Shared |
n/a |
Information processing facilities shall be implemented with redundancy sufficient to meet availability requirements. |
link |
17 |
| NIST_SP_800-53_R4 |
CP-6(3) |
NIST_SP_800-53_R4_CP-6(3) |
NIST SP 800-53 Rev. 4 CP-6 (3) |
Contingency Planning |
Accessibility |
Shared |
n/a |
The organization identifies potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.
Supplemental Guidance: Area-wide disruptions refer to those types of disruptions that are broad in geographic scope (e.g., hurricane, regional power outage) with such determinations made by organizations based on organizational assessments of risk. Explicit mitigation actions include, for example: (i) duplicating backup information at other alternate storage sites if access problems occur at originally designated alternate sites; or (ii) planning for physical access to retrieve backup information if electronic accessibility to the alternate site is disrupted. Related control: RA-3. |
link |
1 |
| NIST_SP_800-53_R5 |
CP-6(3) |
NIST_SP_800-53_R5_CP-6(3) |
NIST SP 800-53 Rev. 5 CP-6 (3) |
Contingency Planning |
Accessibility |
Shared |
n/a |
Identify potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outline explicit mitigation actions. |
link |
1 |
| SWIFT_CSCF_v2022 |
9.2 |
SWIFT_CSCF_v2022_9.2 |
SWIFT CSCF v2022 9.2 |
9. Ensure Availability through Resilience |
Providers must ensure that the service remains available for customers in the event of a site disaster. |
Shared |
n/a |
Providers must ensure that the service remains available for customers in the event of a site disaster. |
link |
13 |