CCI-004030

Implementation Guidance

Determine if system components used for recovery and reconstitution are protected.

Validation Procedures

Examine: [SELECT FROM: Contingency planning policy; procedures addressing system recovery and reconstitution; contingency plan; system design documentation; system configuration settings and associated documentation; logical access credentials; physical access credentials; logical access authorization records; physical access authorization records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system recovery and reconstitution responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for protecting backup and restoration of hardware, firmware, and software; mechanisms supporting and/or implementing protection of backups and restoration of hardware, firmware, and software].