CCI-002859

Defines the alternative or supplemental security mechanisms that will be employed for satisfying organization-defined security functions when the primary means of implementing the security function is unavailable or compromised.

Implementation Guidance

Determine if [CP-13_ODP[01]; alternative or supplemental security mechanisms are defined] are employed for satisfying [CP-13_ODP[02]; security functions are defined] when the primary means of implementing the security function is unavailable or compromised.

Validation Procedures

Examine: [SELECT FROM: Contingency planning policy; procedures addressing alternate security mechanisms; contingency plan; continuity of operations plan; system design documentation; system configuration settings and associated documentation; contingency plan test records; contingency plan test results; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system operation responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: system capability implementing alternative security mechanisms].

The controls below (if any) were marked by NIST as being related to CCI-002859.