800-53|CP-7

Title

ALTERNATE PROCESSING SITE

Description

The organization:

Supplemental

Alternate processing sites are sites that are geographically distinct from primary processing sites. An alternate processing site provides processing capability in the event that the primary processing site is not available. Items covered by alternate processing site agreements include, for example, environmental conditions at alternate sites, access rules, physical and environmental protection requirements, and coordination for the transfer/assignment of personnel. Requirements are specifically allocated to alternate processing sites that reflect the requirements in contingency plans to maintain essential missions/business functions despite disruption, compromise, or failure in organizational information systems.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: CP-10,CP-2,CP-6,CP-8,CP-9,MA-6

Category: CONTINGENCY PLANNING

Family: CONTINGENCY PLANNING

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.3.1 Ensure 'Image Integrity' is correct	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.5.1 Ensure 'ASDM banner' is set	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.5.1 If SNMPv2 is in use, use a Complex Community String	Cisco	CIS Cisco NX-OS L1 v1.1.0
1.5.2 Ensure 'EXEC banner' is set	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.5.3 Ensure 'LOGIN banner' is set	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.5.4 Ensure 'MOTD banner' is set	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.6.3 Ensure 'RSA key pair' is greater than or equal to 2048 bits	Cisco	CIS Cisco ASA 9.x Firewall L2 v1.1.0
1.8.1 Disable Power on Auto Provisioning (POAP)	Cisco	CIS Cisco NX-OS L2 v1.1.0
1.11.1 Ensure 'snmp-server group' is set to 'v3 priv'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.3 Ensure 'snmp-server host' is set to 'version 3'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.4 Ensure 'SNMP traps' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.5 Ensure 'SNMP community string' is not the default string	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
2.1.1 Ensure 'OSPF authentication' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L2 v1.1.0
2.1.2 Ensure 'EIGRP authentication' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L2 v1.1.0
2.1.3 Ensure 'BGP authentication' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L2 v1.1.0
2.2 Ensure 'noproxyarp' is enabled for untrusted interfaces	Cisco	CIS Cisco ASA 9.x Firewall L2 v1.1.0
2.2.1 Ensure Trusted Locations Are Defined	microsoft_azure	CIS Microsoft Azure Foundations v3.0.0 L2
2.3 Ensure 'DNS Guard' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L2 v1.1.0
2.4 Ensure DHCP services are disabled for untrusted interfaces	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
2.4 Ensure Docker is allowed to make changes to iptables - daemon.json	Unix	CIS Docker v1.6.0 L1 Docker Linux
2.4 Ensure Docker is allowed to make changes to iptables - dockerd	Unix	CIS Docker v1.6.0 L1 Docker Linux
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabled	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabled	Palo_Alto	CIS Palo Alto Firewall 10 v1.2.0 L1
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabled	Palo_Alto	CIS Palo Alto Firewall 11 v1.1.0 L1
2.4.6 Apply Local-in Policies	FortiGate	CIS Fortigate 7.0.x v1.3.0 L1
18.5.11.1 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.5.11.1 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.5.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.5.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.5.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.5.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.5.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.5.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.5.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.5.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 MS L1 v3.0.0
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 DC L1 v3.0.0
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Windows Server 2012 DC L1 v3.0.0
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Windows Server 2012 MS L1 v3.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC
18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS

Detections

Analytics