CP-10 System Recovery and Reconstitution
Provide for the recovery and reconstitution of the system to a known state within cp-10_prm_1 after a disruption, compromise, or failure.
| Parameter ID | Definition |
|---|---|
| cp-10_prm_1 | organization-defined time period consistent with recovery time and recovery point objectives |
| cp-10_odp.01 | time period |
| cp-10_odp.02 | time period |
Baselines
- L
- M
- H
- P
Guidance
Recovery is executing contingency plan activities to restore organizational mission and business functions. Reconstitution takes place following recovery and includes activities for returning systems to fully operational states. Recovery and reconstitution operations reflect mission and business priorities; recovery point, recovery time, and reconstitution objectives; and organizational metrics consistent with contingency plan requirements. Reconstitution includes the deactivation of interim system capabilities that may have been needed during recovery operations. Reconstitution also includes assessments of fully restored system capabilities, reestablishment of continuous monitoring activities, system reauthorization (if required), and activities to prepare the system and organization for future disruptions, breaches, compromises, or failures. Recovery and reconstitution capabilities can include automated mechanisms and manual procedures. Organizations establish recovery time and recovery point objectives as part of contingency planning.
References 1
- SP 800-34 Swanson MA, Bowen P, Phillips AW, Gallup D, Lynes D (2010) Contingency Planning Guide for Federal Information Systems. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-34, Rev. 1, Includes updates as of November 11, 2010.
Control Enhancements 6
- CP-10(01) Contingency Plan Testing
- CP-10(02) Transaction Recovery L M H P
- CP-10(03) Compensating Security Controls
- CP-10(04) Restore Within Time Period L M H P
- CP-10(05) Failover Capability
- CP-10(06) Component Protection L M H P
Related controls 9
- CP-02 Contingency Plan L M H P
- CP-04 Contingency Plan Testing L M H P
- CP-06 Alternate Storage Site L M H P
- CP-07 Alternate Processing Site L M H P
- CP-09 System Backup L M H P
- IR-04 Incident Handling L M H P
- SA-08 Security and Privacy Engineering Principles L M H P
- SC-24 Fail in Known State L M H P
- SI-13 Predictable Failure Prevention L M H P