CCI-004009

Incorporate lessons learned from contingency plan testing, training, or actual contingency activities into contingency testing and training.

Implementation Guidance

Determine if: - lessons learned from contingency plan testing or actual contingency activities are incorporated into contingency testing. - lessons learned from contingency plan training or actual contingency activities are incorporated into contingency testing and training.

Validation Procedures

Examine: [SELECT FROM: Contingency planning policy; procedures addressing contingency operations for the system; contingency plan; evidence of contingency plan reviews and updates; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with contingency planning and plan implementation responsibilities; organizational personnel with incident handling responsibilities; organizational personnel with knowledge of requirements for mission and business functions; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for contingency plan development, review, update, and protection; mechanisms for developing, reviewing, updating, and/or protecting the contingency plan].

The controls below (if any) were marked by NIST as being related to CCI-004009.