System Security Plan (ssp) Categorization: Moderate-Low-Low


Contingency Planning (CP)



Download 0.65 Mb.
Page10/16
Date02.05.2018
Size0.65 Mb.
#47206
1   ...   6   7   8   9   10   11   12   13   ...   16

Contingency Planning (CP)

  1. CP-1 – Contingency Planning Policy and Procedures


Program-specific policies and procedures shall be included in the specific security controls listed below. There is no requirement for the Program to develop additional policy to meet the -1 control. For additional information on the types of contingency plans, review the section in the DAA PM.

Recommended Continuous Monitoring Frequency: Annual

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. CP-2 – Contingency Plan – Maybe tailor out based on contract requirements.


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:




  1. Distributes copies of the contingency plan to personnel or roles and organizational elements identified in the contingency plan via an information sharing capability

Click here to enter text.

  1. Coordinates contingency planning activities with incident handling activities

Click here to enter text.

  1. Reviews the contingency plan for the information system at least annually

Click here to enter text.

  1. Updates the contingency plan to address changes to the organization, information system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing

Click here to enter text.

  1. Communicates contingency plan changes to stakeholders identified in the contingency plan

Click here to enter text.

  1. Protects the contingency plan from unauthorized disclosure and modification

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. CP-3 – Contingency Training


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. CP-4 – Contingency Plan Testing and Exercises


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:




  1. Documents and reviews the contingency plan test/exercise results, identifies weaknesses and initiates corrective actions if needed

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. CP-7 – Alternate Processing Site


After a relevance determination, this control can be tailored out for standalone IS.

Recommended Continuous Monitoring Frequency: Annual

Program Frequency:




  1. Ensure that equipment and supplies required to resume operations are available at the alternate site or contracts are in place to support delivery to the site in time to support the organization-defined time period for resumption

Tailored out, low availability impact

  1. Ensure that the alternate processing site provides information security safeguards equivalent to that of the primary site

Tailored out, low availability impact

  1. Develop alternate processing site agreements (e.g., MOA/MOU) that contain priority-of-service provisions in accordance with the organization’s availability requirements

Tailored out, low availability impact

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. CP-9 – Information System Backup


Recommended Continuous Monitoring Frequency: Weekly

Program Frequency:




  1. Conduct backups of information system documentation including security-related documentation when created or received, when updated, and as required by system baseline configuration changes in accordance with the contingency plan.

Click here to enter text.

  1. Conduct backups of information system documentation including security-related documentation when created or received, when updated, and as required by system baseline configuration changes in accordance with the contingency plan.

Click here to enter text.

  1. Protects the confidentiality, integrity, and availability of backup information at storage locations

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. CP-10 – Information System Recovery and Reconstitution


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.



    1. Download 0.65 Mb.

      Share with your friends:
1   ...   6   7   8   9   10   11   12   13   ...   16




The database is protected by copyright ©ininet.org 2024
send message

    Main page