800-53|CP-6

Title

ALTERNATE STORAGE SITE

Description

The organization:

Supplemental

Alternate storage sites are sites that are geographically distinct from primary storage sites. An alternate storage site maintains duplicate copies of information and data in the event that the primary storage site is not available. Items covered by alternate storage site agreements include, for example, environmental conditions at alternate sites, access rules, physical and environmental protection requirements, and coordination of delivery/retrieval of backup media. Alternate storage sites reflect the requirements in contingency plans so that organizations can maintain essential missions/business functions despite disruption, compromise, or failure in organizational information systems.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: CP-10,CP-2,CP-7,CP-9,MP-4

Category: CONTINGENCY PLANNING

Family: CONTINGENCY PLANNING

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.4 Ensure 'Password Recovery' is disabled	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.3.1 Ensure 'Image Integrity' is correct	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.5.1 If SNMPv2 is in use, use a Complex Community String	Cisco	CIS Cisco NX-OS L1 v1.1.0
1.8.1 Disable Power on Auto Provisioning (POAP)	Cisco	CIS Cisco NX-OS L2 v1.1.0
1.11.1 Ensure 'snmp-server group' is set to 'v3 priv'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.3 Ensure 'snmp-server host' is set to 'version 3'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.5 Ensure 'SNMP community string' is not the default string	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
2.3 Ensure 'DNS Guard' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L2 v1.1.0
3.1 Ensure DNS services are configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
3.2.4 Disable IP Directed Broadcasts on all Layer 3 Interfaces	Cisco	CIS Cisco NX-OS L1 v1.1.0
3.2.5 Disable IP Source-Routing	Cisco	CIS Cisco NX-OS L1 v1.1.0
3.3 Ensure packet fragments are restricted for untrusted interfaces	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
3.3.1.4 Ensure IPv6 firewall rules exist for all open ports	Unix	CIS Google Container-Optimized OS v1.2.0 L2 Server
3.6 Ensure 'threat-detection statistics' is set to 'tcp-intercept'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
3.7 Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
4.6.4 The default namespace should not be used	GCP	CIS Google Kubernetes Engine (GKE) v1.6.1 L2
5.4 Ensure to disable unused services in BIG-IP configuration	F5	CIS F5 Networks v1.0.0 L1
5.7.4 The default namespace should not be used	Unix	CIS Kubernetes v1.10.0 L2 Master
5.10 Ensure that the host's network namespace is not shared	Unix	CIS Docker v1.7.0 L1 Docker - Linux
6.1 Ensure that SNMP access is allowed to trusted agents IPs only	F5	CIS F5 Networks v1.0.0 L1
6.2 Ensure minimum SNMP version is set to V3 for agent access	F5	CIS F5 Networks v1.0.0 L1
6.5 Ensure that 2048 bit keys are used for signing and encrypting SOAP messages with WS-Security policy	Unix	CIS IBM WebSphere Liberty v1.0.0 L1
9.2 Enable Backup Redundancy	IBM_DB2DB	CIS IBM DB2 11 v1.1.0 Database Level 1

Detections

Analytics