Mission critical systems may be unavailable, if the primary security mechanisms fail.
The organization employs [Assignment: organization-defined alternative or supplemental security mechanisms] for satisfying [Assignment: organization-defined security functions] when the primary means of implementing the security function is unavailable or compromised.
An organization may issue to senior executives and system administrators one-time pads in case multifactor tokens, the organization’s standard means for secure remote authentication, is compromised.
