← Controls / CP

CP-06 Alternate Storage Site

Contingency Planning

Low Moderate High

Description

The organization identifies an alternate storage site and initiates necessary agreements to permit the storage of information system backup information.

Supplemental Guidance

The frequency of information system backups and the transfer rate of backup information to the alternate storage site (if so designated) are consistent with the organization’s recovery time objectives and recovery point objectives.

MITRE ATT&CK Techniques (8)

ATT&CK v16.1

Techniques mitigated by this control, mapped via CTID.

Defense Evasion 4 Collection 1 Impact 3

Compliance Mappings

ISO 27001:2022

A.5.29A.8.13A.8.14

ISO 27002:2022

5.298.138.14

COBIT 2019

DSS04

CIS Controls v8

CIS 11CIS 11.3CIS 11.4

NIST CSF 2.0

PR.DS-11

SOC 2 TSC

A1.2

CSA CCM v4

BCR-08

CSA AICM v1

BCR-08

FINOS CCC

CCC-C13

IEC 62443

3-3 SR 7.3

NIS2 Directive

Art. 21(2)(c)

PRA Operational Resilience

SS1/21-5.3SS2/21-10.1

MAS TRM

8

ASD Essential Eight

E8-8E8-8 ML2

BSI IT-Grundschutz

CON.3DER.4

ANSSI

Hygiene.30SecNumCloud.18.3

FINMA Circular 2023/1

IV.E(89)IV.E(90)IV.E(91)

OSFI B-13

B-13.2.6

EU GDPR

Art.32(1)(c)

EU DORA

Art.12(2)Art.12(5)

BIO2

5.298.138.14

RBI CSF

ITGRCA.29

FISC Security Guidelines

FISC.F5FISC.O5

LGPD + BCB 4893

BCB.Art.3

HKMA TM-E-1

TME1.6.2TME1.6.4

MLPS 2.0

8.1.4.9

DNB Good Practice

DNB.11.3

NCA ECC

2-93-13-2

UAE IA

T12T7

CBB TM

TM-14

Qatar NIA

BC

CBUAE

CR-13

CBE CSF

OVM-2

SA JS2

JS2-7.5

CBN CSF

Part3.7

BoG CISD

CISD-BCMCISD-XII

BoM CTRM

5.2

IOSCO Cyber Resilience

PFMI-17RR-2

CPMI-IOSCO PFMI

CG.RRPFMI.P17

NYDFS 500

500.16

HIPAA Security Rule

§164.308(a)(7)(i)§164.308(a)(7)(ii)(A)§164.308(a)(7)(ii)(B)§164.310(d)(2)(iv)

ECB CROE

CROE.2.5.2

EBA ICT Guidelines

3.7.2

SEBI CSCRF

BCP-DRRC.RP

BOT Cyber Resilience

Ch4.2

API 1164

Sec 11

IAEA NSS 17-T

Sec 8

Solvency II

DR.266-BCPEIOPA-ICT-4.10

Lloyd's Minimum Standards

MS8.6

NAIC Insurance Data Security

4F-b

FCA SYSC 13

SYSC 13.8.1SYSC 13.8.2

HITRUST CSF v11

09.d12.b

FDA 21 CFR Part 11

§11.10(c)

ISO 27799

12.317.217.3

NHS DSPT

NDG-7.1NDG-7.2

CCSS v9.0

1.03.4

MiCA

Art.68(5)Art.62(6)

Basel SCO60

SCO60.63

SEC Custody (Digital Assets)

SEC-CD-06SEC-CD-08SEC-CD-12

ISO 17799 (legacy)

10.5.1

COBIT 4.1 (legacy)

DS4.1DS4.9