💼 CP-2 Contingency Plan (L)(M)(H)
- Contextual name: 💼 CP-2 Contingency Plan (L)(M)(H)
- ID: /frameworks/fedramp-moderate-security-controls/cp/02
- Located in: 💼 Contingency Planning
Description
a. Develop a contingency plan for the system that:
- Identifies essential mission and business functions and associated contingency requirements;
- Provides recovery objectives, restoration priorities, and metrics;
- Addresses contingency roles, responsibilities, assigned individuals with contact information;
- Addresses maintaining essential mission and business functions despite a system disruption, compromise, or failure;
- Addresses eventual, full system restoration without deterioration of the controls originally planned and implemented;
- Addresses the sharing of contingency information; and
- Is reviewed and approved by [Assignment: organization-defined personnel or roles];
b. Distribute copies of the contingency plan to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements];
c. Coordinate contingency planning activities with incident handling activities;
d. Review the contingency plan for the system [FedRAMP Assignment: at least annually];
e. Update the contingency plan to address changes to the organization, system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing;
f. Communicate contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements];
g. Incorporate lessons learned from contingency plan testing, training, or actual contingency activities into contingency testing and training; and
h. Protect the contingency plan from unauthorized disclosure and modification.
CP-2 Additional FedRAMP Requirements and Guidance:
Requirement: For JAB authorizations the contingency lists include designated FedRAMP personnel.
Requirement: CSPs must use the FedRAMP Information System Contingency Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-Appendix-G-Information-System-Contingency-Plan-(ISCP)-Template.docx).
Similar
- Sections
  - /frameworks/fedramp-high-security-controls/cp/02
- Internal
  - ID: dec-c-ec2b11b8
- ID:
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 FedRAMP High Security Controls → 💼 CP-2 Contingency Plan (L)(M)(H) | 5 | 1 |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 CP-2(1) Coordinate with Related Plans (M)(H) | ||||
💼 CP-2(3) Resume Mission and Business Functions (M)(H) | ||||
💼 CP-2(8) Identify Critical Assets (M)(H) | ||||