myctrl.tools
Compare

CP-7(1)Separation From Primary Site

MODERATE
HIGH

>Control Description

Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats.

>Cross-Framework Mappings

SCF

BCD-09.1
Compare

>Programmatic Queries

Beta

Related Services

AWS EC2
AWS Auto Scaling
AWS AppConfig

CLI Commands

Create AMI from primary instance
aws ec2 create-image --instance-id i-123456 --name cp-7-1-ami --no-reboot
Launch instance in alternate region from AMI
aws ec2 run-instances --image-id ami-12345678 --instance-type t3.medium --region us-west-2
Create Auto Scaling group in alternate region
aws autoscaling create-auto-scaling-group --auto-scaling-group-name cp-7-1-asg --launch-template LaunchTemplateName=primary-template,Version='$Latest' --availability-zones us-west-2a us-west-2b
Get deployment status across regions
aws ec2 describe-instances --filters Name=tag:Environment,Values=production --region us-west-2 --query 'Reservations[*].Instances[*].[InstanceId,State.Name]'
Open AWS ConsoleDocumentation

>Supplemental Guidance

Threats that affect alternate processing sites are defined in organizational assessments of risk and include natural disasters, structural failures, hostile attacks, and errors of omission or commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate processing sites based on the types of threats that are of concern. For threats such as hostile attacks, the degree of separation between sites is less relevant.

>Related Controls

RA-3

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of CP-7(1) (Separation From Primary Site)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring CP-7(1)?
  • How frequently is the CP-7(1) policy reviewed and updated, and what triggers policy changes?
  • What governance structure ensures CP-7(1) requirements are consistently applied across all systems?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce CP-7(1) requirements.
  • What automated tools, systems, or technologies are deployed to implement CP-7(1)?
  • How is CP-7(1) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce CP-7(1) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of CP-7(1)?
  • What audit logs, records, reports, or monitoring data validate CP-7(1) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of CP-7(1) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate CP-7(1) compliance?

Ask AI

Configure your API key to use AI features.