Title

The IDPS must establish organization-defined alternate communications paths for system operations organizational command and control. (Cat II impact)

Discussion

An incident, whether adversarial- or nonadversarial-based, can disrupt established communications paths used for system operations and organizational command and control. Alternate communications paths reduce the risk of all communications paths being affected by the same incident. To compound the problem, the inability of organizational officials to obtain timely information about disruptions or to provide timely direction to operational elements after a communications path incident, can impact the ability of the organization to respond to such incidents in a timely manner. Establishing alternate communications paths for command and control purposes, including designating alternative decision makers if primary decision makers are unavailable and establishing the extent and limitations of their actions, can greatly facilitate the organization's ability to continue to operate and take appropriate actions during an incident.

Check Content

Verify the IDPS is configured to establish organization-defined alternate communications paths for system operations organizational command and control. If the IDPS is not configured to establish organization-defined alternate communications paths for system operations organizational command and control, this is a finding.

Fix Text

Configure the IDPS to establish organization-defined alternate communications paths for system operations organizational command and control.

Additional Identifiers

Rule ID: SV-263665r991599_rule

Vulnerability ID: V-263665

Group Title: SRG-NET-000760

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.