Detections
Analytics

800-53|CP-2

Title

CONTINGENCY PLAN

Description

The organization:

Supplemental

Contingency planning for information systems is part of an overall organizational program for achieving continuity of operations for mission/business functions. Contingency planning addresses both information system restoration and implementation of alternative mission/business processes when systems are compromised. The effectiveness of contingency planning is maximized by considering such planning throughout the phases of the system development life cycle. Performing contingency planning on hardware, software, and firmware development can be an effective means of achieving information system resiliency. Contingency plans reflect the degree of restoration required for organizational information systems since not all systems may need to fully recover to achieve the level of continuity of operations desired. Information system recovery objectives reflect applicable laws, Executive Orders, directives, policies, standards, regulations, and guidelines. In addition to information system availability, contingency plans also address other security-related events resulting in a reduction in mission and/or business effectiveness, such as malicious attacks compromising the confidentiality or integrity of information systems. Actions addressed in contingency plans include, for example, orderly/graceful degradation, information system shutdown, fallback to a manual mode, alternate information flows, and operating in modes reserved for when systems are under attack. By closely coordinating contingency planning with incident handling activities, organizations can ensure that the necessary contingency planning activities are in place and activated in the event of a security incident.

Reference Item Details

Related: AC-14,CP-10,CP-6,CP-7,CP-8,CP-9,IR-4,IR-8,MP-2,MP-4,MP-5,PM-11,PM-8

Category: CONTINGENCY PLANNING

Family: CONTINGENCY PLANNING

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.1.5 Disaster Recovery (DR) PlanUnixCIS Oracle MySQL Community Server 8.4 v1.0.0 L1 OS Linux on Linux
2.1.5 Disaster Recovery (DR) PlanUnixCIS MySQL 8.0 Community Linux OS L1 v1.1.0
2.1.6 Disaster Recovery (DR) PlanWindowsCIS MySQL 5.7 Enterprise Windows OS L1 v2.0.0
2.1.6 Disaster Recovery (DR) PlanWindowsCIS MySQL 5.6 Community Windows OS L1 v2.0.0
2.1.6 Disaster Recovery (DR) PlanWindowsCIS MySQL 5.7 Community Windows OS L1 v2.0.0
2.1.6 Disaster Recovery (DR) PlanMySQLDBCIS MariaDB 10.6 Database L1 v1.1.0
2.1.6 Disaster Recovery (DR) PlanUnixCIS MySQL 5.6 Community Linux OS L1 v2.0.0
2.1.6 Disaster Recovery (DR) PlanUnixCIS MySQL 5.7 Community Linux OS L1 v2.0.0
2.1.6 Disaster Recovery (DR) PlanUnixCIS MySQL 8.0 Enterprise Linux OS L1 v1.4.0
2.1.6 Disaster Recovery (DR) PlanMySQLDBCIS MySQL 5.6 Community Database L1 v2.0.0
2.1.6 Disaster Recovery (DR) PlanUnixCIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0
2.1.6 Disaster Recovery (DR) PlanUnixCIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L1 MySQL OS Linux
2.1.6 Disaster recovery planMySQLDBCIS MySQL 5.6 Enterprise Database L1 v2.0.0
2.1.6 Disaster recovery planWindowsCIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0
2.1.6 Disaster recovery planUnixCIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0
3.3.5 Ensure the Key Vault is Recoverablemicrosoft_azureCIS Microsoft Azure Foundations v3.0.0 L1
4.3 Ensure that the DATA_RETENTION_TIME_IN_DAYS parameter is set to 90 for critical dataSnowflakeCIS Snowflake Foundations v1.0.0 L2
4.10 Ensure Soft Delete is Enabled for Azure Containers and Blob Storagemicrosoft_azureCIS Microsoft Azure Foundations v3.0.0 L1
MS.DEFENDER.4.5v1 - A list of apps that are restricted from accessing files protected by DLP policy SHOULD be defined.microsoft_azureCISA SCuBA Microsoft 365 Defender v1.5.0
MS.DEFENDER.4.6v1 - The custom policy SHOULD include an action to block access to sensitivemicrosoft_azureCISA SCuBA Microsoft 365 Defender v1.5.0