💼 CP-2 Contingency Plan

  • Contextual name: 💼 CP-2 Contingency Plan
  • ID: /frameworks/nist-sp-800-53-r5/cp/02
  • Located in: 💼 CP Contingency Planning

Description

a. Develop a contingency plan for the system that:

  1. Identifies essential mission and business functions and associated contingency requirements;
  2. Provides recovery objectives, restoration priorities, and metrics;
  3. Addresses contingency roles, responsibilities, assigned individuals with contact information;
  4. Addresses maintaining essential mission and business functions despite a system disruption, compromise, or failure;
  5. Addresses eventual, full system restoration without deterioration of the controls originally planned and implemented;
  6. Addresses the sharing of contingency information; and
  7. Is reviewed and approved by [Assignment: organization-defined personnel or roles];

b. Distribute copies of the contingency plan to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements];

c. Coordinate contingency planning activities with incident handling activities;

d. Review the contingency plan for the system [Assignment: organization-defined frequency];

e. Update the contingency plan to address changes to the organization, system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing;

f. Communicate contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements];

g. Incorporate lessons learned from contingency plan testing, training, or actual contingency activities into contingency testing and training; and

h. Protect the contingency plan from unauthorized disclosure and modification.

Similar

  • Internal
    • ID: dec-c-649c5c3f

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 FedRAMP High Security Controls → 💼 CP-2 Contingency Plan (L)(M)(H) 51
💼 FedRAMP Low Security Controls → 💼 CP-2 Contingency Plan (L)(M)(H)
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations 10
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties 23
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities 24
💼 NIST CSF v2.0 → 💼 ID.IM-04: Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved 3
💼 NIST CSF v2.0 → 💼 PR.IR-02: The organization's technology assets are protected from environmental threats
💼 NIST CSF v2.0 → 💼 RC.CO-04: Public updates on incident recovery are shared using approved methods and messaging 23
💼 NIST CSF v2.0 → 💼 RC.RP-03: The integrity of backups and other restoration assets is verified before using them for restoration 1

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 CP-2(1) Contingency Plan _ Coordinate with Related Plans
💼 CP-2(2) Contingency Plan _ Capacity Planning 1
💼 CP-2(3) Contingency Plan _ Resume Mission and Business Functions
💼 CP-2(4) Contingency Plan _ Resume All Mission and Business Functions
💼 CP-2(5) Contingency Plan _ Continue Mission and Business Functions
💼 CP-2(6) Contingency Plan _ Alternate Processing and Storage Sites
💼 CP-2(7) Contingency Plan _ Coordinate with External Service Providers
💼 CP-2(8) Contingency Plan _ Identify Critical Assets