NIST 800-53 r5 · Controls catalogue · Family CP
CP-7Alternate Processing Site
Establish an alternate processing site, including necessary agreements to permit the transfer and resumption of {{ insert: param, cp-07_odp.01 }} for essential mission and business functions within {{ insert: param, cp-07_odp.02 }} when the primary processing capabilities are unavailable; Make available at the alternate processing site, the equipment and supplies required to transfer and resume operations or put contracts in place to support delivery to the site within the organization-defined time period for transfer and resumption; and Provide controls at the alternate processing site that are equivalent to those at the primary site.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (16)
- T1070 Indicator Removal Stealth
- T1070.008 Clear Mailbox Data Stealth
- T1119 Automated Collection Collection
- T1485 Data Destruction Impact
- T1486 Data Encrypted for Impact Impact
- T1490 Inhibit System Recovery Impact
- T1491 Defacement Impact
- T1491.001 Internal Defacement Impact
- T1491.002 External Defacement Impact
- T1561 Disk Wipe Impact
- T1561.001 Disk Content Wipe Impact
- T1561.002 Disk Structure Wipe Impact
- T1565 Data Manipulation Impact
- T1565.001 Stored Data Manipulation Impact
- T1685.005 Clear Windows Event Logs Defense Impairment
- T1685.006 Clear Linux or Mac System Logs Defense Impairment
Weaknesses this control addresses (6)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-400 | Uncontrolled Resource Consumption | 3,324 | Alternate site allows resumption of operations if resource exhaustion at the primary site is exploited to cause unavailability. |
CWE-770 | Allocation of Resources Without Limits or Throttling | 1,979 | Provides continuity when unbounded resource allocation at the primary site leads to exhaustion and downtime. |
CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') | 924 | Enables transfer to alternate site if an infinite loop at the primary renders processing unavailable. |
CWE-674 | Uncontrolled Recursion | 442 | Supports resumption at alternate site when uncontrolled recursion causes primary site failure or crash. |
CWE-405 | Asymmetric Resource Consumption (Amplification) | 40 | Reduces impact of amplification attacks that overwhelm the primary site by allowing operations to shift to an equivalent alternate site. |
CWE-406 | Insufficient Control of Network Message Volume (Network Amplification) | 15 | Limits attacker success in sustaining network amplification DoS against the primary by providing a ready alternate processing capability. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | ||||