Show/Hide Toolbars

ABCI Consultants

Guidance for NIST 800-171 Assessment & Compliance

Navigation: CP-FAMILY: CONTINGENCY PLANNING

CP-7 ALTERNATE PROCESSING SITE

Scroll Prev Top Next More

Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

 

 

 

 

 

 

 

 

 

 

 

 

###

cp-7

alternate processing site

 

assessment objective:

Determine if the organization:

cp-7(a)

cp-7(a)[1]

defines information system operations requiring an alternate processing site to be established to permit the transfer and resumption of such operations;

cp-7(a)[2]

defines the time period consistent with recovery time objectives and recovery point objectives (as specified in the information system contingency plan) for transfer/resumption of organization-defined information system operations for essential missions/business functions;

cp-7(a)[3]

establishes an alternate processing site including necessary agreements to permit the transfer and resumption of organization-defined information system operations for essential missions/business functions, within the organization-defined time period, when the primary processing capabilities are unavailable;

cp-7(b)

cp-7(b)[1]

ensures that equipment and supplies required to transfer and resume operations are available at the alternate processing site; or

cp-7(b)[2]

ensures that contracts are in place to support delivery to the site within the organization-defined time period for transfer/resumption; and

cp-7(c)

ensures that the alternate processing site provides information security safeguards equivalent to those of the primary site.

potential assessment methods and objects:

Examine: [select from: Contingency planning policy; procedures addressing alternate processing sites; contingency plan; alternate processing site agreements; primary processing site agreements; spare equipment and supplies inventory at alternate processing site; equipment and supply contracts; service-level agreements; other relevant documents or records].

Interview: [select from: Organizational personnel with responsibilities for contingency planning and/or alternate site arrangements; organizational personnel with information security responsibilities].

Test: [SELECT FROM: Organizational processes for recovery at the alternate site; automated mechanisms supporting and/or implementing recovery at the alternate processing site].

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056