| Control | Description | Status |
|---|---|---|
| Business Continuity Management System (BCMS) | Mechanisms exist to facilitate the implementation of contingency planning controls to help ensure resilient assets and services (e.g., Continuity of Operations Plan (COOP) or Business Continuity & Disaster Recovery (BC/DR) playbooks). | |
| Coordinate with Related Plans | Mechanisms exist to coordinate contingency plan development with internal and external elements responsible for related plans. | |
| Coordinate With External Service Providers | Mechanisms exist to coordinate internal contingency plans with the contingency plans of external service providers to ensure that contingency requirements can be satisfied. | |
| Recovery Time / Point Objectives (RTO / RPO) | Mechanisms exist to facilitate recovery operations in accordance with Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). | |
| Recovery Operations Criteria | Mechanisms exist to define specific criteria that must be met to initiate Business Continuity / Disaster Recovery (BC/DR) plans that facilitate business continuity operations capable of meeting applicable Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). | |
| Recovery Operations Communications | Mechanisms exist to communicate the status of recovery activities and progress in restoring operational capabilities to designated internal and external stakeholders. | |
| Identify Critical Assets | Mechanisms exist to identify and document the critical systems, applications and services that support essential missions and business functions. | |
| Resume All Missions & Business Functions | Mechanisms exist to resume all missions and business functions within Recovery Time Objectives (RTOs) of the contingency plan's activation. | |
| Continue Essential Mission & Business Functions | Mechanisms exist to continue essential missions and business functions with little or no loss of operational continuity and sustain that continuity until full system restoration at primary processing and/or storage sites. | |
| Resume Essential Missions & Business Functions | Mechanisms exist to resume essential missions and business functions within an organization-defined time period of contingency plan activation. | |
| Data Storage Location Reviews | Mechanisms exist to perform periodic security reviews of storage locations that contain sensitive / regulated data. | |
| Contingency Training | Mechanisms exist to adequately train contingency personnel and applicable stakeholders in their contingency roles and responsibilities. | |
| Simulated Events | Mechanisms exist to incorporate simulated events into contingency training to facilitate effective response by personnel in crisis situations. | |
| Contingency Plan Testing & Exercises | Mechanisms exist to conduct tests and/or exercises to evaluate the contingency plan's effectiveness and the organization's readiness to execute the plan. | |
| Coordinated Testing with Related Plans | Mechanisms exist to coordinate contingency plan testing with internal and external elements responsible for related plans. | |
| Contingency Plan Root Cause Analysis (RCA) & Lessons Learned | Mechanisms exist to conduct a Root Cause Analysis (RCA) and "lessons learned" activity every time the contingency plan is activated. | |
| Ongoing Contingency Planning | Mechanisms exist to update contingency plans due to changes affecting: (1) People (e.g., personnel changes); (2) Processes (e.g., new, altered or decommissioned business practices, including third-party services); (3) Technologies (e.g., new, altered or decommissioned technologies); (4) Data (e.g., changes to data flows and/or data repositories); (5) Facilities (e.g., new, altered or decommissioned physical infrastructure); and/or (6) Feedback from contingency plan testing activities. | |
| Alternative Security Measures | Mechanisms exist to implement alternative or compensating controls to satisfy security functions when the primary means of implementing the security function is unavailable or compromised. | |
| Alternate Storage Site | Mechanisms exist to establish an alternate storage site that includes both the assets and necessary agreements to permit the storage and recovery of system backup information. | |
| Separation from Primary Site | Mechanisms exist to separate the alternate storage site from the primary storage site to reduce susceptibility to similar threats. | |
| Accessibility | Mechanisms exist to identify and mitigate potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster. | |
| Alternate Processing Site | Mechanisms exist to establish an alternate processing site that provides security measures equivalent to that of the primary site. | |
| Separation from Primary Site | Mechanisms exist to separate the alternate processing site from the primary processing site to reduce susceptibility to similar threats. | |
| Accessibility | Mechanisms exist to identify and mitigate potential accessibility problems to the alternate processing site and possible mitigation actions, in the event of an area-wide disruption or disaster. | |
| Alternate Site Priority of Service | Mechanisms exist to address priority-of-service provisions in alternate processing and storage sites that support availability requirements, including Recovery Time Objectives (RTOs). | |
| Telecommunications Services Availability | Mechanisms exist to reduce the likelihood of a single point of failure with primary telecommunications services. | |
| Telecommunications Priority of Service Provisions | Mechanisms exist to formalize primary and alternate telecommunications service agreements that contain priority-of-service provisions that support availability requirements, including Recovery Time Objectives (RTOs). | |
| Data Backups | Mechanisms exist to create recurring backups of data, software and/or system images, as well as verify the integrity of these backups, to ensure the availability of the data to satisfy Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). | |
| Testing for Reliability & Integrity | Mechanisms exist to routinely test backups that verify the reliability of the backup process, as well as the integrity and availability of the data. | |
| Separate Storage for Critical Information | Mechanisms exist to store backup copies of critical software and other security-related information in a separate facility or in a fire-rated container that is not collocated with the system being backed up. | |
| Information System Imaging | Mechanisms exist to reimage assets from configuration-controlled and integrity-protected images that represent a secure, operational state. | |
| Cryptographic Protection | Cryptographic mechanisms exist to prevent the unauthorized disclosure and/or modification of backup information. | |
| Test Restoration Using Sampling | Mechanisms exist to utilize sampling of available backups to test recovery capabilities as part of business continuity plan testing. | |
| Transfer to Alternate Storage Site | Mechanisms exist to transfer backup data to the alternate storage site at a rate that is capable of meeting both Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). | |
| Redundant Secondary System | Mechanisms exist to maintain a failover system, which is not collocated with the primary system, application and/or service, which can be activated with little-to-no loss of information or disruption to operations. | |
| Information System Recovery & Reconstitution | Mechanisms exist to ensure the secure recovery and reconstitution of systems to a known state after a disruption, compromise or failure. | |
| Transaction Recovery | Mechanisms exist to utilize specialized backup mechanisms that will allow transaction recovery for transaction-based applications and services in accordance with Recovery Point Objectives (RPOs). | |
| Failover Capability | Mechanisms exist to implement real-time or near-real-time failover capability to maintain availability of critical systems, applications and/or services. | |
| Backup & Restoration Hardware Protection | Mechanisms exist to protect backup and restoration hardware and software. | |
| Restoration Integrity Verification | Mechanisms exist to verify the integrity of backups and other restoration assets prior to using them for restoration. | |
| Isolated Recovery Environment | Mechanisms exist to utilize an isolated, non-production environment to perform data backup and recovery operations through offline, cloud or off-site capabilities. | |