💼 CP-2 Contingency Plan

ID: /frameworks/nist-sp-800-53-r5/cp/02

Description

a. Develop a contingency plan for the system that:

Identifies essential mission and business functions and associated contingency requirements;
Provides recovery objectives, restoration priorities, and metrics;
Addresses contingency roles, responsibilities, assigned individuals with contact information;
Addresses maintaining essential mission and business functions despite a system disruption, compromise, or failure;
Addresses eventual, full system restoration without deterioration of the controls originally planned and implemented;
Addresses the sharing of contingency information; and
Is reviewed and approved by [Assignment: organization-defined personnel or roles]; b. Distribute copies of the contingency plan to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; c. Coordinate contingency planning activities with incident handling activities; d. Review the contingency plan for the system [Assignment: organization-defined frequency]; e. Update the contingency plan to address changes to the organization, system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing; f. Communicate contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; g. Incorporate lessons learned from contingency plan testing, training, or actual contingency activities into contingency testing and training; and h. Protect the contingency plan from unauthorized disclosure and modification.

Similar

Internal
- ID: dec-c-649c5c3f

Similar Sections (Give Policies To)

Section	Sub Sections	Policies	Compliance
💼 FedRAMP High Security Controls → 💼 CP-2 Contingency Plan (L)(M)(H)	5	3	no data
💼 FedRAMP Low Security Controls → 💼 CP-2 Contingency Plan (L)(M)(H)			no data
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations		26	no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties		40	no data
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities		41	no data
💼 NIST CSF v2.0 → 💼 ID.IM-04: Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved		3	no data
💼 NIST CSF v2.0 → 💼 PR.IR-02: The organization's technology assets are protected from environmental threats			no data
💼 NIST CSF v2.0 → 💼 RC.CO-04: Public updates on incident recovery are shared using approved methods and messaging		22	no data
💼 NIST CSF v2.0 → 💼 RC.RP-03: The integrity of backups and other restoration assets is verified before using them for restoration		6	no data

Sub Sections

Section	Policies	Compliance
💼 CP-2(1) Contingency Plan _ Coordinate with Related Plans		no data
💼 CP-2(2) Contingency Plan _ Capacity Planning	3	no data
💼 CP-2(3) Contingency Plan _ Resume Mission and Business Functions		no data
💼 CP-2(4) Contingency Plan _ Resume All Mission and Business Functions		no data
💼 CP-2(5) Contingency Plan _ Continue Mission and Business Functions		no data
💼 CP-2(6) Contingency Plan _ Alternate Processing and Storage Sites		no data
💼 CP-2(7) Contingency Plan _ Coordinate with External Service Providers		no data
💼 CP-2(8) Contingency Plan _ Identify Critical Assets		no data

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Description

Similar

Similar Sections (Give Policies To)

Sub Sections