Navigate

CCI-000456

CCI-000456 Definition

Develop a contingency plan for the system that addresses eventual, full system restoration without deterioration of the controls originally planned and implemented.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed must clearly and accurately document eventual, full information system restoration without deterioration of the security safeguards originally planned and implemented for its information system(s).

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the contingency plan to ensure it clearly and accurately documents eventual, full information system restoration without deterioration of the security safeguards originally planned and implemented for its information system(s).

Compelling Evidence

1.) Signed and dated contingency plan, referencing system restoration functions section

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000456.

Control	Description
CP-2	The organization: a: Develops a contingency plan for the information system that: 1: Identifies essential missions and business functions and associated contingency requirements; 2: Provides recovery objectives, restoration priorities, and metrics; 3: Addresses contingency roles, responsibilities, assigned individuals with contact information; 4: Addresses maintaining essential missions and business functions despite an information system disruption, compromise, or failure; 5: Addresses eventual, full information system restoration without deterioration of the security safeguards originally planned and implemented; and 6: Is reviewed and approved by [one of ]; b: Distributes copies of the contingency plan to [one of ]; c: Coordinates contingency planning activities with incident handling activities; d: Reviews the contingency plan for the information system [one of ]; e: Updates the contingency plan to address changes to the organization, information system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing; f: Communicates contingency plan changes to [one of ]; and g: Protects the contingency plan from unauthorized disclosure and modification.

Control

Description

CP-2

The organization:

a: Develops a contingency plan for the information system that:
- 1: Identifies essential missions and business functions and associated contingency requirements;
- 2: Provides recovery objectives, restoration priorities, and metrics;
- 3: Addresses contingency roles, responsibilities, assigned individuals with contact information;
- 4: Addresses maintaining essential missions and business functions despite an information system disruption, compromise, or failure;
- 5: Addresses eventual, full information system restoration without deterioration of the security safeguards originally planned and implemented; and
- 6: Is reviewed and approved by [one of ];

b: Distributes copies of the contingency plan to [one of ];

c: Coordinates contingency planning activities with incident handling activities;

d: Reviews the contingency plan for the information system [one of ];

e: Updates the contingency plan to address changes to the organization, information system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing;

f: Communicates contingency plan changes to [one of ]; and

g: Protects the contingency plan from unauthorized disclosure and modification.