SA-09(05) Processing, Storage, and Service Location
Restrict the location of sa-09.05_odp.01 to sa-09.05_odp.02 based on sa-09.05_odp.03.
| Parameter ID | Definition |
|---|---|
| sa-09.05_odp.01 |
Selection (one-or-more):
|
| sa-09.05_odp.02 | locations |
| sa-09.05_odp.03 | requirements |
Baselines
- L
- M
- H
- P
Guidance
The location of information processing, information and data storage, or system services can have a direct impact on the ability of organizations to successfully execute their mission and business functions. The impact occurs when external providers control the location of processing, storage, or services. The criteria that external providers use for the selection of processing, storage, or service locations may be different from the criteria that organizations use. For example, organizations may desire that data or information storage locations be restricted to certain locations to help facilitate incident response activities in case of information security incidents or breaches. Incident response activities, including forensic analyses and after-the-fact investigations, may be adversely affected by the governing laws, policies, or protocols in the locations where processing and storage occur and/or the locations from which system services emanate.
Related controls 2
- SA-05 System Documentation L M H P
- SR-04 Provenance L M H P