SC-36—Distributed Processing And Storage
>Control Description
Distribute the following processing and storage components across multiple ☑physical locations; logical domains: ⚙organization-defined processing and storage components.
>Control Enhancements(2)
>Cross-Framework Mappings
NIST CSF 2.0
via NIST CSF 2.0 Concept Crosswalk>Supplemental Guidance
Distributing processing and storage across multiple physical locations or logical domains provides a degree of redundancy or overlap for organizations. The redundancy and overlap increase the work factor of adversaries to adversely impact organizational operations, assets, and individuals. The use of distributed processing and storage does not assume a single primary processing or storage location.
Therefore, it allows for parallel processing and storage.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern the implementation of distributed processing and storage?
- •How are system and communications protection requirements defined and maintained?
- •Who is responsible for configuring and maintaining the security controls specified in SC-36?
Technical Implementation:
- •How is distributed processing and storage technically implemented in your environment?
- •What systems, tools, or configurations enforce this protection requirement?
- •How do you ensure that distributed processing and storage remains effective as the system evolves?
Evidence & Documentation:
- •What documentation demonstrates the implementation of SC-36?
- •Can you provide configuration evidence or system diagrams showing this protection control?
- •What logs or monitoring data verify that this control is functioning correctly?
Ask AI
Configure your API key to use AI features.