Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization coordinates contingency plan development with organizational elements responsible for related plans.
NIST 800-53 (r4) Supplemental Guidance:
Plans related to contingency plans for organizational information systems include, for example, Business Continuity Plans, Disaster Recovery Plans, Continuity of Operations Plans, Crisis Communications Plans, Critical Infrastructure Plans, Cyber Incident Response Plans, Insider Threat Implementation Plan, and Occupant Emergency Plans.
NIST 800-53 (r5) Discussion:
Plans that are related to contingency plans include Business Continuity Plans, Disaster Recovery Plans, Critical Infrastructure Plans, Continuity of Operations Plans, Crisis Communications Plans, Insider Threat Implementation Plans, Data Breach Response Plans, Cyber Incident Response Plans, Breach Response Plans, and Occupant Emergency Plans.
38North Guidance:
Meets Minimum Requirement:
Document in the CP how other elements (e.g., corporate entities, service teams, etc.) are included in contingency operations and describe the roles and responsibilities required for the tasks and activities stated in the CP.
Best Practice:
Document the dependencies of various CP stakeholders in the CP, Incident Response Plan (IRP), Continuity of Operations (COOP), etc. For descriptions of related plans and what is typically included, see Section 2.2 0f NIST SP 800-34, Contingency Planning Guide for Federal Information Systems.
Unofficial FedRAMP Guidance:
None.
Assessment Evidence:
Screenshot or link to BC/DR pages showing the review and approval history of the BC/DR Plans and playbook(s).
Evidence showing the BC/DR is disseminated to intended personnel.
Meeting minutes, meeting agendas, status reports, etc. showing that ISCP development is coordinated with elements responsible for related plans (e.g., continuity planning, incident response, SSP, etc.).
Contingency Planning Policy.
Evidence of BCP/DR playbooks.
CSP Implementation Tips:
None.
Page updated
Report abuse