A cold site is a backup facility that provides basic infrastructure — power, cooling, physical space, and network connectivity — but no pre-installed equipment or data. Recovering to a cold site requires shipping hardware, installing software, and restoring from backups, taking days to weeks.
Cold sites are the least expensive recovery option but provide the slowest recovery. They contrast with warm sites (partially equipped hardware requiring configuration) and hot sites (fully operational mirrors). The choice reflects the organization’s Recovery Time Objective.
CISSP Relevance
Cold sites appear in Domain 7 (Security Operations) under business continuity and disaster recovery planning. CISSP candidates must understand the tradeoffs between cold, warm, and hot sites and how these options connect to Recovery Time Objectives established in the Business Impact Analysis.
External reference: NIST SP 800-34 Contingency Planning Guide
Related terms: Disaster Recovery, Recovery Time Objective