800-53|CP-6

Title

ALTERNATE STORAGE SITE

Description

The organization:

Supplemental

Alternate storage sites are sites that are geographically distinct from primary storage sites. An alternate storage site maintains duplicate copies of information and data in the event that the primary storage site is not available. Items covered by alternate storage site agreements include, for example, environmental conditions at alternate sites, access rules, physical and environmental protection requirements, and coordination of delivery/retrieval of backup media. Alternate storage sites reflect the requirements in contingency plans so that organizations can maintain essential missions/business functions despite disruption, compromise, or failure in organizational information systems.

Reference Item Details

Related: CP-10,CP-2,CP-7,CP-9,MP-4

Category: CONTINGENCY PLANNING

Family: CONTINGENCY PLANNING

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.4 Ensure 'Password Recovery' is disabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.3.1 Ensure 'Image Integrity' is correctCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.5.1 Ensure 'ASDM banner' is setCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.5.1 If SNMPv2 is in use, use a Complex Community StringCiscoCIS Cisco NX-OS L1 v1.1.0
1.5.2 Ensure 'EXEC banner' is setCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.5.3 Ensure 'LOGIN banner' is setCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.5.4 Ensure 'MOTD banner' is setCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.6.3 Ensure 'RSA key pair' is greater than or equal to 2048 bitsCiscoCIS Cisco ASA 9.x Firewall L2 v1.1.0
1.8.1 Disable Power on Auto Provisioning (POAP)CiscoCIS Cisco NX-OS L2 v1.1.0
1.11.1 Ensure 'snmp-server group' is set to 'v3 priv'CiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA'CiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.3 Ensure 'snmp-server host' is set to 'version 3'CiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.4 Ensure 'SNMP traps' is enabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.5 Ensure 'SNMP community string' is not the default stringCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
2.1.1 Ensure 'OSPF authentication' is enabledCiscoCIS Cisco ASA 9.x Firewall L2 v1.1.0
2.1.2 Ensure 'EIGRP authentication' is enabledCiscoCIS Cisco ASA 9.x Firewall L2 v1.1.0
2.1.3 Ensure 'BGP authentication' is enabledCiscoCIS Cisco ASA 9.x Firewall L2 v1.1.0
2.2 Ensure 'noproxyarp' is enabled for untrusted interfacesCiscoCIS Cisco ASA 9.x Firewall L2 v1.1.0
2.2.1 Ensure Trusted Locations Are Definedmicrosoft_azureCIS Microsoft Azure Foundations v3.0.0 L2
2.3 Ensure 'DNS Guard' is enabledCiscoCIS Cisco ASA 9.x Firewall L2 v1.1.0
2.4 Ensure DHCP services are disabled for untrusted interfacesCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
2.4 Ensure Docker is allowed to make changes to iptablesUnixCIS Docker v1.7.0 L1 Docker - Linux
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabledPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabledPalo_AltoCIS Palo Alto Firewall 10 v1.2.0 L1
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabledPalo_AltoCIS Palo Alto Firewall 11 v1.1.0 L1
2.4.6 Apply Local-in PoliciesFortiGateCIS Fortigate 7.0.x v1.3.0 L1
18.5.11.1 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.5.11.1 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.5.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.5.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.5.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.5.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.5.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.5.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.5.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.5.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Windows Server 2012 DC L1 v3.0.0
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Windows Server 2012 MS L1 v3.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC
18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS