☐ Service Provider Hybrid (Corporate and System Specific)
☐ Configured by Customer (Customer System Specific)
☐ Provided by Customer (Customer System Specific)
☐ Shared (Service Provider and Customer Responsibility)
☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,
CP-7 What is the solution and how is it implemented?
Part a
Part b
Part c
CP-7 (1) Control Enhancement (M) (H)
The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats.
Guidance: The service provider may determine what is considered a sufficient degree of separation between the primary and alternate processing sites, based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber-attack), the degree of separation between sites will be less relevant.
CP-7 (1)
Control Summary Information
Responsible Role:
Implementation Status (check all that apply):
☐ Implemented
☐ Partially implemented
☐ Planned
☐ Alternative implementation
☐ Not applicable
Control Origination (check all that apply):
☐ Service Provider Corporate
☐ Service Provider System Specific
☐ Service Provider Hybrid (Corporate and System Specific)
☐ Configured by Customer (Customer System Specific)
☐ Provided by Customer (Customer System Specific)
☐ Shared (Service Provider and Customer Responsibility)
☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,
CP-7 (1) What is the solution and how is it implemented?
