NIST 800-53 REV 5 • CONTINGENCY PLANNING

CP-6(1)Separation from Primary Site

Identify an alternate storage site that is sufficiently separated from the primary storage site to reduce susceptibility to the same threats.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Threats that affect alternate storage sites are defined in organizational risk assessments and include natural disasters, structural failures, hostile attacks, and errors of omission or commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate storage sites based on the types of threats that are of concern. For threats such as hostile attacks, the degree of separation between sites is less relevant.

Practitioner Notes

This enhancement requires your alternate storage site to be geographically separated from the primary site — far enough that a single disaster (flood, hurricane) cannot affect both.

Example 1: Store backup replicas in an Azure region at least 300 miles from your primary region (e.g., East US primary, West US secondary) to protect against regional disasters.

Example 2: Choose an offsite tape storage facility in a different FEMA flood zone and different utility grid than your primary data center.

More Contingency Planning Controls

CP-1 Policy and Procedures CP-2 Contingency Plan CP-2(1) Coordinate with Related Plans CP-2(2) Capacity Planning