NIST 800-53 REV 5 • CONTINGENCY PLANNING

CP-6(3)Accessibility

Identify potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outline explicit mitigation actions.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Area-wide disruptions refer to those types of disruptions that are broad in geographic scope with such determinations made by organizations based on organizational assessments of risk. Explicit mitigation actions include duplicating backup information at other alternate storage sites if access problems occur at originally designated alternate sites or planning for physical access to retrieve backup information if electronic accessibility to the alternate site is disrupted.

Practitioner Notes

This enhancement requires your alternate storage site to be accessible during a disruption — there is no point in having backups you cannot reach when you need them.

Example 1: Ensure your offsite Azure or AWS backup storage is accessible via an independent internet connection that does not depend on your primary site's network.

Example 2: Verify that key personnel have VPN credentials and procedures to access the alternate storage site from home or a mobile location during a facility-level disaster.

More Contingency Planning Controls

CP-1 Policy and Procedures CP-2 Contingency Plan CP-2(1) Coordinate with Related Plans CP-2(2) Capacity Planning