compliance controls are associated with this Policy definition 'Restrict location of information processing, storage and services' (0040d2e5-2779-170d-6a2c-1f5fca353335)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| FedRAMP_High_R4 | SA-9(5) | FedRAMP_High_R4_SA-9(5) | FedRAMP High SA-9 (5) | System And Services Acquisition | Processing, Storage, And Service Location | Shared | n/a | The organization restricts the location of [Selection (one or more): information processing; information/data; information system services] to [Assignment: organization-defined locations] based on [Assignment: organization-defined requirements or conditions]. Supplemental Guidance: The location of information processing, information/data storage, or information system services that are critical to organizations can have a direct impact on the ability of those organizations to successfully execute their missions/business functions. This situation exists when external providers control the location of processing, storage or services. The criteria external providers use for the selection of processing, storage, or service locations may be different from organizational criteria. For example, organizations may want to ensure that data/information storage locations are restricted to certain locations to facilitate incident response activities (e.g., forensic analyses, after-the-fact investigations) in case of information security breaches/compromises. Such incident response activities may be adversely affected by the governing laws or protocols in the locations where processing and storage occur and/or the locations from which information system services emanate. | link | 1 |
| FedRAMP_Moderate_R4 | SA-9(5) | FedRAMP_Moderate_R4_SA-9(5) | FedRAMP Moderate SA-9 (5) | System And Services Acquisition | Processing, Storage, And Service Location | Shared | n/a | The organization restricts the location of [Selection (one or more): information processing; information/data; information system services] to [Assignment: organization-defined locations] based on [Assignment: organization-defined requirements or conditions]. Supplemental Guidance: The location of information processing, information/data storage, or information system services that are critical to organizations can have a direct impact on the ability of those organizations to successfully execute their missions/business functions. This situation exists when external providers control the location of processing, storage or services. The criteria external providers use for the selection of processing, storage, or service locations may be different from organizational criteria. For example, organizations may want to ensure that data/information storage locations are restricted to certain locations to facilitate incident response activities (e.g., forensic analyses, after-the-fact investigations) in case of information security breaches/compromises. Such incident response activities may be adversely affected by the governing laws or protocols in the locations where processing and storage occur and/or the locations from which information system services emanate. | link | 1 |
| hipaa | 0947.09y2Organizational.2-09.y | hipaa-0947.09y2Organizational.2-09.y | 0947.09y2Organizational.2-09.y | 09 Transmission Protection | 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services | Shared | n/a | The organization ensures the storage of the transaction details are located outside of any publicly accessible environments (e.g., on a storage platform existing on the organization's intranet) and not retained and exposed on a storage medium directly accessible from the Internet. | | 11 |
| NIST_SP_800-53_R4 | SA-9(5) | NIST_SP_800-53_R4_SA-9(5) | NIST SP 800-53 Rev. 4 SA-9 (5) | System And Services Acquisition | Processing, Storage, And Service Location | Shared | n/a | The organization restricts the location of [Selection (one or more): information processing; information/data; information system services] to [Assignment: organization-defined locations] based on [Assignment: organization-defined requirements or conditions]. Supplemental Guidance: The location of information processing, information/data storage, or information system services that are critical to organizations can have a direct impact on the ability of those organizations to successfully execute their missions/business functions. This situation exists when external providers control the location of processing, storage or services. The criteria external providers use for the selection of processing, storage, or service locations may be different from organizational criteria. For example, organizations may want to ensure that data/information storage locations are restricted to certain locations to facilitate incident response activities (e.g., forensic analyses, after-the-fact investigations) in case of information security breaches/compromises. Such incident response activities may be adversely affected by the governing laws or protocols in the locations where processing and storage occur and/or the locations from which information system services emanate. | link | 1 |
| NIST_SP_800-53_R5 | SA-9(5) | NIST_SP_800-53_R5_SA-9(5) | NIST SP 800-53 Rev. 5 SA-9 (5) | System and Services Acquisition | Processing, Storage, and Service Location | Shared | n/a | Restrict the location of [Selection (OneOrMore): information processing; information or data; system services] to [Assignment: organization-defined locations] based on [Assignment: organization-defined requirements or conditions]. | link | 1 |