800-53|CP-6

Title

ALTERNATE STORAGE SITE

Description

The organization:

Supplemental

Alternate storage sites are sites that are geographically distinct from primary storage sites. An alternate storage site maintains duplicate copies of information and data in the event that the primary storage site is not available. Items covered by alternate storage site agreements include, for example, environmental conditions at alternate sites, access rules, physical and environmental protection requirements, and coordination of delivery/retrieval of backup media. Alternate storage sites reflect the requirements in contingency plans so that organizations can maintain essential missions/business functions despite disruption, compromise, or failure in organizational information systems.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: CP-10,CP-2,CP-7,CP-9,MP-4

Category: CONTINGENCY PLANNING

Family: CONTINGENCY PLANNING

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.1 Ensure Trusted Locations Are Defined	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L1
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
2.4 Ensure Docker is allowed to make changes to iptables - daemon.json	Unix	CIS Docker v1.6.0 L1 Docker Linux
2.4 Ensure Docker is allowed to make changes to iptables - dockerd	Unix	CIS Docker v1.6.0 L1 Docker Linux
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabled	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabled	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabled	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
2.4.6 Apply Local-in Policies	FortiGate	CIS Fortigate 7.0.x Level 1 v1.2.0
2.4.7 Ensure default Admin ports are changed	FortiGate	CIS Fortigate 7.0.x Level 1 v1.2.0
3.2.1 Ensure source routed packets are not accepted - net.ipv4.conf.all.accept_source_route	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
3.2.1 Ensure source routed packets are not accepted - net.ipv4.conf.default.accept_source_route	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
3.2.1 Ensure source routed packets are not accepted - net.ipv6.conf.all.accept_source_route	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
3.2.1 Ensure source routed packets are not accepted - net.ipv6.conf.default.accept_source_route	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
3.2.2 Ensure ICMP redirects are not accepted - net.ipv4.conf.all.accept_redirects	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
3.2.2 Ensure ICMP redirects are not accepted - net.ipv4.conf.default.accept_redirects	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
3.2.2 Ensure ICMP redirects are not accepted - net.ipv6.conf.all.accept_redirects	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
3.2.2 Ensure ICMP redirects are not accepted - net.ipv6.conf.default.accept_redirects	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
3.2.3 Ensure secure ICMP redirects are not accepted - net.ipv4.conf.all.secure_redirects	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
3.2.3 Ensure secure ICMP redirects are not accepted - net.ipv4.conf.default.secure_redirects	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
3.10 Ensure Private Endpoints are used to access Storage Accounts	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L1
18.5.11.1 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.5.11.1 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.5.11.1 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
18.5.11.1 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.5.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.5.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Windows Server 2012 MS L1 v3.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 DC L1 v3.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Windows Server 2012 DC L1 v3.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 MS L1 v3.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2019 MS L1 v2.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2016 MS L1 v2.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2019 Standalone DC L1 vCIS Microsoft Windows Server 2019 Standalone DC L1 v1.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2019 MS Standalone L1 v1.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 MS
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2019 DC L1 v2.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2016 DC L1 v2.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 DC
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 MS
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2019 MS L1 v2.0.0
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2019 DC L1 v2.0.0
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2019 Standalone DC L1 vCIS Microsoft Windows Server 2019 Standalone DC L1 v1.0.0
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2019 MS Standalone L1 v1.0.0
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2016 DC L1 v2.0.0
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2016 MS L1 v2.0.0
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 DC

Detections

Analytics