NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-36Distributed Processing and Storage

Distribute the following processing and storage components across multiple {{ insert: param, sc-36_prm_1 }}: {{ insert: param, sc-36_prm_2 }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Distributing processing and storage across multiple physical locations or logical domains provides a degree of redundancy or overlap for organizations. The redundancy and overlap increase the work factor of adversaries to adversely impact organizational operations, assets, and individuals. The use of distributed processing and storage does not assume a single primary processing or storage location. Therefore, it allows for parallel processing and storage.

Practitioner Notes

Distribute processing and storage across multiple locations so that a single physical attack, disaster, or compromise cannot take out your entire operation.

Example 1: Replicate critical databases between two data centers in different geographic regions. If one site is destroyed by a natural disaster or compromised by an attacker, the other site has a current copy of the data and can take over operations.

Example 2: Use cloud-based storage with cross-region replication (like Azure GRS or AWS S3 Cross-Region Replication) for critical business data. Your data is automatically copied to a geographically separate location, providing resilience against regional outages and targeted attacks.

More System and Communications Protection Controls

SC-1 Policy and Procedures SC-2 Separation of System and User Functionality SC-2(1) Interfaces for Non-privileged Users SC-2(2) Disassociability