CP-10 System Recovery and Reconstitution

Control

Provide for the recovery and reconstitution of the system to a known state within [Assignment: organization-defined time period consistent with recovery time and recovery point objectives] after a disruption, compromise, or failure.

Discussion

Recovery is executing contingency plan activities to restore organizational mission and business functions. Reconstitution takes place following recovery and includes activities for returning systems to fully operational states. Recovery and reconstitution operations reflect mission and business priorities; recovery point, recovery time, and reconstitution objectives; and organizational metrics consistent with contingency plan requirements. Reconstitution includes the deactivation of interim system capabilities that may have been needed during recovery operations. Reconstitution also includes assessments of fully restored system capabilities, reestablishment of continuous monitoring activities, system reauthorization (if required), and activities to prepare the system and organization for future disruptions, breaches, compromises, or failures. Recovery and reconstitution capabilities can include automated mechanisms and manual procedures. Organizations establish recovery time and recovery point objectives as part of contingency planning.

CP-2, CP-4, CP-6, CP-7, CP-9, IR-4, SA-8, SC-24, SI-13.

Enhancements

1

System Recovery and Reconstitution | Contingency Plan Testing

Withdrawn: Incorporated into CP-4.

2

System Recovery and Reconstitution | Transaction Recovery

Implement transaction recovery for systems that are transaction-based.

Transaction-based systems include database management systems and transaction processing systems. Mechanisms supporting transaction recovery include transaction rollback and transaction journaling.

3

System Recovery and Reconstitution | Compensating Security Controls

Withdrawn: Addressed through tailoring.

4

System Recovery and Reconstitution | Restore Within Time Period

Provide the capability to restore system components within [Assignment: organization-defined restoration time periods] from configuration-controlled and integrity-protected information representing a known, operational state for the components.

Restoration of system components includes reimaging, which restores the components to known, operational states.

Related: CM-2, CM-6.

5

System Recovery and Reconstitution | Failover Capability

Withdrawn: Incorporated into SI-13.

6

System Recovery and Reconstitution | Component Protection

Protect system components used for recovery and reconstitution.

Protection of system recovery and reconstitution components (i.e., hardware, firmware, and software) includes physical and technical controls. Backup and restoration components used for recovery and reconstitution include router tables, compilers, and other system software.

Related: AC-3, AC-6, MP-2, MP-4, PE-3, PE-6.