Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization plans for the continuance of essential missions and business functions with little or no loss of operational continuity and sustains that continuity until full information system restoration at primary processing and/or storage sites.
NIST 800-53 (r4) Supplemental Guidance:
Organizations may choose to carry out the contingency planning activities in this control enhancement as part of organizational business continuity planning including, for example, as part of business impact analyses. Primary processing and/or storage sites defined by organizations as part of contingency planning may change depending on the circumstances associated with the contingency (e.g., backup sites may become primary sites). Related control: PE-12.
NIST 800-53 (r5) Discussion:
Organizations may choose to conduct the contingency planning activities to continue mission and business functions as part of business continuity planning or business impact analyses. Primary processing and/or storage sites defined by organizations as part of contingency planning may change depending on the circumstances associated with the contingency.
38North Guidance:
Meets Minimum Requirement:
Document the assets, elements, system components/services, etc., identified as essential to missions and business functions associated with the information system.
CP must cover the information system's ability to alternate between primary and alternate processing and storage sites without interruption to essential elements.
Best Practice:
TBD.
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
The organization's CP highlighting the ability to provide business continuity during disaster recovery.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD
Page updated
Report abuse