800-53|CP-7

Title

ALTERNATE PROCESSING SITE

Description

The organization:

Supplemental

Alternate processing sites are sites that are geographically distinct from primary processing sites. An alternate processing site provides processing capability in the event that the primary processing site is not available. Items covered by alternate processing site agreements include, for example, environmental conditions at alternate sites, access rules, physical and environmental protection requirements, and coordination for the transfer/assignment of personnel. Requirements are specifically allocated to alternate processing sites that reflect the requirements in contingency plans to maintain essential missions/business functions despite disruption, compromise, or failure in organizational information systems.

Reference Item Details

Related: CP-10, CP-2, CP-6, CP-8, CP-9, MA-6

Category: CONTINGENCY PLANNING

Family: CONTINGENCY PLANNING

Priority: P1

Baseline Impact: MODERATE, HIGH

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.3.1 Ensure 'Image Integrity' is correct | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.5.1 If SNMPv2 is in use, use a Complex Community String | Cisco | CIS Cisco NX-OS L1 v1.1.0 |
| 1.8.1 Disable Power on Auto Provisioning (POAP) | Cisco | CIS Cisco NX-OS L2 v1.1.0 |
| 1.11.1 Ensure 'snmp-server group' is set to 'v3 priv' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.11.3 Ensure 'snmp-server host' is set to 'version 3' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.11.5 Ensure 'SNMP community string' is not the default string | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 2.3 Ensure 'DNS Guard' is enabled | Cisco | CIS Cisco ASA 9.x Firewall L2 v1.1.0 |
| 3.1 Ensure DNS services are configured correctly | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 3.2.4 Disable IP Directed Broadcasts on all Layer 3 Interfaces | Cisco | CIS Cisco NX-OS L1 v1.1.0 |
| 3.2.5 Disable IP Source-Routing | Cisco | CIS Cisco NX-OS L1 v1.1.0 |
| 3.3 Ensure packet fragments are restricted for untrusted interfaces | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 3.3.1.4 Ensure IPv6 firewall rules exist for all open ports | Unix | CIS Google Container-Optimized OS v1.2.0 L2 Server |
| 3.6 Ensure 'threat-detection statistics' is set to 'tcp-intercept' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 3.7 Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 4.6.4 The default namespace should not be used | GCP | CIS Google Kubernetes Engine (GKE) v1.6.1 L2 |
| 5.4 Ensure to disable unused services in BIG-IP configuration | F5 | CIS F5 Networks v1.0.0 L1 |
| 5.7.4 The default namespace should not be used | Unix | CIS Kubernetes v1.10.0 L2 Master |
| 5.10 Ensure that the host's network namespace is not shared | Unix | CIS Docker v1.7.0 L1 Docker - Linux |
| 6.1 Ensure that SNMP access is allowed to trusted agents IPs only | F5 | CIS F5 Networks v1.0.0 L1 |
| 6.2 Ensure minimum SNMP version is set to V3 for agent access | F5 | CIS F5 Networks v1.0.0 L1 |
| 6.5 Ensure that 2048 bit keys are used for signing and encrypting SOAP messages with WS-Security policy | Unix | CIS IBM WebSphere Liberty v1.0.0 L1 |