An OSCAL Control
Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats.
Threats that affect alternate processing sites are defined in organizational assessments of risk and include natural disasters, structural failures, hostile attacks, and errors of omission or commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate processing sites based on the types of threats that are of concern. For threats such as hostile attacks, the degree of separation between sites is less relevant.
an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats is identified.
Contingency planning policy
procedures addressing alternate processing sites
contingency plan
alternate processing site
alternate processing site agreements
primary processing site agreements
system security plan
other relevant documents or records
Organizational personnel with contingency plan alternate processing site responsibilities
organizational personnel with system recovery responsibilities
organizational personnel with information security responsibilities