compliance controls are associated with this Policy definition 'Establish requirements for internet service providers' (5f2e834d-7e40-a4d5-a216-e49b16955ccf)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
CP-7(3) |
FedRAMP_High_R4_CP-7(3) |
FedRAMP High CP-7 (3) |
Contingency Planning |
Priority Of Service |
Shared |
n/a |
The organization develops alternate processing site agreements that contain priority-of-service provisions in accordance with organizational availability requirements (including recovery time objectives).
Supplemental Guidance: Priority-of-service agreements refer to negotiated agreements with service providers that ensure that organizations receive priority treatment consistent with their availability requirements and the availability of information resources at the alternate processing site. |
link |
2 |
| FedRAMP_High_R4 |
CP-8(1) |
FedRAMP_High_R4_CP-8(1) |
FedRAMP High CP-8 (1) |
Contingency Planning |
Priority Of Service Provisions |
Shared |
n/a |
The organization:
(a) Develops primary and alternate telecommunications service agreements that contain priority- of-service provisions in accordance with organizational availability requirements (including recovery time objectives); and
(b) Requests Telecommunications Service Priority for all telecommunications services used for national security emergency preparedness in the event that the primary and/or alternate telecommunications services are provided by a common carrier.
Supplemental Guidance: Organizations consider the potential mission/business impact in situations where telecommunications service providers are servicing other organizations with similar priority-of-service provisions. |
link |
1 |
| FedRAMP_Moderate_R4 |
CP-7(3) |
FedRAMP_Moderate_R4_CP-7(3) |
FedRAMP Moderate CP-7 (3) |
Contingency Planning |
Priority Of Service |
Shared |
n/a |
The organization develops alternate processing site agreements that contain priority-of-service provisions in accordance with organizational availability requirements (including recovery time objectives).
Supplemental Guidance: Priority-of-service agreements refer to negotiated agreements with service providers that ensure that organizations receive priority treatment consistent with their availability requirements and the availability of information resources at the alternate processing site. |
link |
2 |
| FedRAMP_Moderate_R4 |
CP-8(1) |
FedRAMP_Moderate_R4_CP-8(1) |
FedRAMP Moderate CP-8 (1) |
Contingency Planning |
Priority Of Service Provisions |
Shared |
n/a |
The organization:
(a) Develops primary and alternate telecommunications service agreements that contain priority- of-service provisions in accordance with organizational availability requirements (including recovery time objectives); and
(b) Requests Telecommunications Service Priority for all telecommunications services used for national security emergency preparedness in the event that the primary and/or alternate telecommunications services are provided by a common carrier.
Supplemental Guidance: Organizations consider the potential mission/business impact in situations where telecommunications service providers are servicing other organizations with similar priority-of-service provisions. |
link |
1 |
| hipaa |
1604.12c2Organizational.16789-12.c |
hipaa-1604.12c2Organizational.16789-12.c |
1604.12c2Organizational.16789-12.c |
16 Business Continuity & Disaster Recovery |
1604.12c2Organizational.16789-12.c 12.01 Information Security Aspects of Business Continuity Management |
Shared |
n/a |
Alternative storage and processing sites are identified (permanent and/or temporary) at a sufficient distance from the primary facility and configured with security measures equivalent to the primary site, and the necessary third-party service agreements have been established to allow for the resumption of information systems operations of critical business functions within the time period defined (e.g., priority of service provisions) based on a risk assessment, including Recovery Time Objectives (RTO), in accordance with the organization's availability requirements. |
|
6 |
| hipaa |
1609.12c3Organizational.12-12.c |
hipaa-1609.12c3Organizational.12-12.c |
1609.12c3Organizational.12-12.c |
16 Business Continuity & Disaster Recovery |
1609.12c3Organizational.12-12.c 12.01 Information Security Aspects of Business Continuity Management |
Shared |
n/a |
Alternate telecommunications services that are sufficiently separated from the primary service provider are established with priority-of-service provisions. |
|
1 |
| hipaa |
1619.09l1Organizational.7-09.l |
hipaa-1619.09l1Organizational.7-09.l |
1619.09l1Organizational.7-09.l |
16 Business Continuity & Disaster Recovery |
1619.09l1Organizational.7-09.l 09.05 Information Back-Up |
Shared |
n/a |
Inventory records for the backup copies, including content and current location, are maintained. |
|
2 |
| ISO27001-2013 |
A.11.2.2 |
ISO27001-2013_A.11.2.2 |
ISO 27001:2013 A.11.2.2 |
Physical And Environmental Security |
Supporting utilities |
Shared |
n/a |
Equipment shall be protected from power failures and other disruptions caused by failures in supporting utilities. |
link |
3 |
| ISO27001-2013 |
A.17.1.2 |
ISO27001-2013_A.17.1.2 |
ISO 27001:2013 A.17.1.2 |
Information Security Aspects Of Business Continuity Management |
Implementing information security continuity |
Shared |
n/a |
The organization shall establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation. |
link |
18 |
|
mp.if.3 Fitting-out of premises |
mp.if.3 Fitting-out of premises |
404 not found |
|
|
|
n/a |
n/a |
|
18 |
|
mp.if.4 Electrical energy |
mp.if.4 Electrical energy |
404 not found |
|
|
|
n/a |
n/a |
|
8 |
| NIST_SP_800-53_R4 |
CP-7(3) |
NIST_SP_800-53_R4_CP-7(3) |
NIST SP 800-53 Rev. 4 CP-7 (3) |
Contingency Planning |
Priority Of Service |
Shared |
n/a |
The organization develops alternate processing site agreements that contain priority-of-service provisions in accordance with organizational availability requirements (including recovery time objectives).
Supplemental Guidance: Priority-of-service agreements refer to negotiated agreements with service providers that ensure that organizations receive priority treatment consistent with their availability requirements and the availability of information resources at the alternate processing site. |
link |
2 |
| NIST_SP_800-53_R4 |
CP-8(1) |
NIST_SP_800-53_R4_CP-8(1) |
NIST SP 800-53 Rev. 4 CP-8 (1) |
Contingency Planning |
Priority Of Service Provisions |
Shared |
n/a |
The organization:
(a) Develops primary and alternate telecommunications service agreements that contain priority- of-service provisions in accordance with organizational availability requirements (including recovery time objectives); and
(b) Requests Telecommunications Service Priority for all telecommunications services used for national security emergency preparedness in the event that the primary and/or alternate telecommunications services are provided by a common carrier.
Supplemental Guidance: Organizations consider the potential mission/business impact in situations where telecommunications service providers are servicing other organizations with similar priority-of-service provisions. |
link |
1 |
| NIST_SP_800-53_R5 |
CP-7(3) |
NIST_SP_800-53_R5_CP-7(3) |
NIST SP 800-53 Rev. 5 CP-7 (3) |
Contingency Planning |
Priority of Service |
Shared |
n/a |
Develop alternate processing site agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives). |
link |
2 |
| NIST_SP_800-53_R5 |
CP-8(1) |
NIST_SP_800-53_R5_CP-8(1) |
NIST SP 800-53 Rev. 5 CP-8 (1) |
Contingency Planning |
Priority of Service Provisions |
Shared |
n/a |
(a) Develop primary and alternate telecommunications service agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives); and
(b) Request Telecommunications Service Priority for all telecommunications services used for national security emergency preparedness if the primary and/or alternate telecommunications services are provided by a common carrier. |
link |
1 |
| SWIFT_CSCF_v2022 |
9.2 |
SWIFT_CSCF_v2022_9.2 |
SWIFT CSCF v2022 9.2 |
9. Ensure Availability through Resilience |
Providers must ensure that the service remains available for customers in the event of a site disaster. |
Shared |
n/a |
Providers must ensure that the service remains available for customers in the event of a site disaster. |
link |
13 |