| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
CP-2(4) |
FedRAMP_High_R4_CP-2(4) |
FedRAMP High CP-2 (4) |
Contingency Planning |
Resume All Missions / Business Functions |
Shared |
n/a |
The organization plans for the resumption of all missions and business functions within
[Assignment: organization-defined time period] of contingency plan activation.
Supplemental Guidance: Organizations may choose to carry out the contingency planning activities in this control enhancement as part of organizational business continuity planning including, for example, as part of business impact analyses. The time period for resumption of all missions/business functions may be dependent on the severity/extent of disruptions to the information system and its supporting infrastructure. Related control: PE-12. |
link |
1 |
| ISO27001-2013 |
A.17.1.1 |
ISO27001-2013_A.17.1.1 |
ISO 27001:2013 A.17.1.1 |
Information Security Aspects Of Business Continuity Management |
Planning information security continuity |
Shared |
n/a |
The organization shall determine its requirements for information security and the continuity of information security management in adverse situations, e.g. during a crisis or disaster. |
link |
11 |
| ISO27001-2013 |
A.17.1.2 |
ISO27001-2013_A.17.1.2 |
ISO 27001:2013 A.17.1.2 |
Information Security Aspects Of Business Continuity Management |
Implementing information security continuity |
Shared |
n/a |
The organization shall establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation. |
link |
18 |
| ISO27001-2013 |
A.17.2.1 |
ISO27001-2013_A.17.2.1 |
ISO 27001:2013 A.17.2.1 |
Information Security Aspects Of Business Continuity Management |
Availability of information processing facilities |
Shared |
n/a |
Information processing facilities shall be implemented with redundancy sufficient to meet availability requirements. |
link |
17 |
| ISO27001-2013 |
A.6.1.1 |
ISO27001-2013_A.6.1.1 |
ISO 27001:2013 A.6.1.1 |
Organization of Information Security |
Information security roles and responsibilities |
Shared |
n/a |
All information security responsibilities shall be clearly defined and allocated. |
link |
73 |
| NIST_SP_800-53_R4 |
CP-2(4) |
NIST_SP_800-53_R4_CP-2(4) |
NIST SP 800-53 Rev. 4 CP-2 (4) |
Contingency Planning |
Resume All Missions / Business Functions |
Shared |
n/a |
The organization plans for the resumption of all missions and business functions within
[Assignment: organization-defined time period] of contingency plan activation.
Supplemental Guidance: Organizations may choose to carry out the contingency planning activities in this control enhancement as part of organizational business continuity planning including, for example, as part of business impact analyses. The time period for resumption of all missions/business functions may be dependent on the severity/extent of disruptions to the information system and its supporting infrastructure. Related control: PE-12. |
link |
1 |
| SWIFT_CSCF_v2022 |
10.1 |
SWIFT_CSCF_v2022_10.1 |
SWIFT CSCF v2022 10.1 |
10. Be Ready in case of Major Disaster |
Business continuity is ensured through a documented plan communicated to the potentially affected
parties (service bureau and customers). |
Shared |
n/a |
Business continuity is ensured through a documented plan communicated to the potentially affected
parties (service bureau and customers). |
link |
5 |
| SWIFT_CSCF_v2022 |
8.1 |
SWIFT_CSCF_v2022_8.1 |
SWIFT CSCF v2022 8.1 |
8. Set and Monitor Performance |
Ensure availability by formally setting and monitoring the objectives to be achieved |
Shared |
n/a |
Ensure availability by formally setting and monitoring the objectives to be achieved |
link |
8 |