NIST 800-53 REV 5 • CONTINGENCY PLANNING

CP-7(1)Separation from Primary Site

Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Threats that affect alternate processing sites are defined in organizational assessments of risk and include natural disasters, structural failures, hostile attacks, and errors of omission or commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate processing sites based on the types of threats that are of concern. For threats such as hostile attacks, the degree of separation between sites is less relevant.

Practitioner Notes

This enhancement requires your alternate processing site to be geographically separated from the primary site to protect against regional disasters.

Example 1: Select an alternate Azure region in a different geographic area (e.g., East US and West US) to ensure a regional disaster cannot affect both sites simultaneously.

Example 2: If using physical sites, choose a backup facility at least 100 miles from your primary data center, in a different utility service area and flood zone.

More Contingency Planning Controls

CP-1 Policy and Procedures CP-2 Contingency Plan CP-2(1) Coordinate with Related Plans CP-2(2) Capacity Planning