| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| FedRAMP_High_R4 | CP-2(8) | FedRAMP_High_R4_CP-2(8) | FedRAMP High CP-2 (8) | Contingency Planning | Identify Critical Assets | Shared | n/a | The organization identifies critical information system assets supporting essential missions and business functions. Supplemental Guidance: Organizations may choose to carry out the contingency planning activities in this control enhancement as part of organizational business continuity planning including, for example, as part of business impact analyses. Organizations identify critical information system assets so that additional safeguards and countermeasures can be employed (above and beyond those safeguards and countermeasures routinely implemented) to help ensure that organizational missions/business functions can continue to be conducted during contingency operations. In addition, the identification of critical information assets facilitates the prioritization of organizational resources. Critical information system assets include technical and operational aspects. Technical aspects include, for example, information technology services, information system components, information technology products, and mechanisms. Operational aspects include, for example, procedures (manually executed operations) and personnel (individuals operating technical safeguards and/or executing manual procedures). Organizational program protection plans can provide assistance in identifying critical assets. Related controls: SA-14, SA-15. | link | 1 |
| FedRAMP_Moderate_R4 | CP-2(8) | FedRAMP_Moderate_R4_CP-2(8) | FedRAMP Moderate CP-2 (8) | Contingency Planning | Identify Critical Assets | Shared | n/a | The organization identifies critical information system assets supporting essential missions and business functions. Supplemental Guidance: Organizations may choose to carry out the contingency planning activities in this control enhancement as part of organizational business continuity planning including, for example, as part of business impact analyses. Organizations identify critical information system assets so that additional safeguards and countermeasures can be employed (above and beyond those safeguards and countermeasures routinely implemented) to help ensure that organizational missions/business functions can continue to be conducted during contingency operations. In addition, the identification of critical information assets facilitates the prioritization of organizational resources. Critical information system assets include technical and operational aspects. Technical aspects include, for example, information technology services, information system components, information technology products, and mechanisms. Operational aspects include, for example, procedures (manually executed operations) and personnel (individuals operating technical safeguards and/or executing manual procedures). Organizational program protection plans can provide assistance in identifying critical assets. Related controls: SA-14, SA-15. | link | 1 |
| hipaa | 1635.12b1Organizational.2-12.b | hipaa-1635.12b1Organizational.2-12.b | 1635.12b1Organizational.2-12.b | 16 Business Continuity & Disaster Recovery | 1635.12b1Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management | Shared | n/a | Information security aspects of business continuity are: (i) based on identifying events (or sequence of events) that can cause interruptions to the organization's critical business processes (e.g., equipment failure, human errors, theft, fire, natural disasters, acts of terrorism); (ii) followed by a risk assessment to determine the probability and impact of such interruptions, in terms of time, damage scale and recovery period; (iii) based on the results of the risk assessment, a business continuity strategy is developed to identify the overall approach to business continuity; and, (iv) once this strategy has been created, endorsement is provided by management, and a plan created and endorsed to implement this strategy. | | 6 |
| hipaa | 1636.12b2Organizational.1-12.b | hipaa-1636.12b2Organizational.1-12.b | 1636.12b2Organizational.1-12.b | 16 Business Continuity & Disaster Recovery | 1636.12b2Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management | Shared | n/a | The organization identifies its critical business processes and integrates the information security management requirements of business continuity with other continuity requirements relating to such aspects as operations, staffing, materials, transport and facilities. | | 3 |
| hipaa | 1669.12d1Organizational.8-12.d | hipaa-1669.12d1Organizational.8-12.d | 1669.12d1Organizational.8-12.d | 16 Business Continuity & Disaster Recovery | 1669.12d1Organizational.8-12.d 12.01 Information Security Aspects of Business Continuity Management | Shared | n/a | The business continuity planning framework addresses a specific, minimal set of information security requirements. | | 6 |
| NIST_SP_800-53_R4 | CP-2(8) | NIST_SP_800-53_R4_CP-2(8) | NIST SP 800-53 Rev. 4 CP-2 (8) | Contingency Planning | Identify Critical Assets | Shared | n/a | The organization identifies critical information system assets supporting essential missions and business functions. Supplemental Guidance: Organizations may choose to carry out the contingency planning activities in this control enhancement as part of organizational business continuity planning including, for example, as part of business impact analyses. Organizations identify critical information system assets so that additional safeguards and countermeasures can be employed (above and beyond those safeguards and countermeasures routinely implemented) to help ensure that organizational missions/business functions can continue to be conducted during contingency operations. In addition, the identification of critical information assets facilitates the prioritization of organizational resources. Critical information system assets include technical and operational aspects. Technical aspects include, for example, information technology services, information system components, information technology products, and mechanisms. Operational aspects include, for example, procedures (manually executed operations) and personnel (individuals operating technical safeguards and/or executing manual procedures). Organizational program protection plans can provide assistance in identifying critical assets. Related controls: SA-14, SA-15. | link | 1 |
| NIST_SP_800-53_R5 | CP-2(8) | NIST_SP_800-53_R5_CP-2(8) | NIST SP 800-53 Rev. 5 CP-2 (8) | Contingency Planning | Identify Critical Assets | Shared | n/a | Identify critical system assets supporting [Selection: all; essential] mission and business functions. | link | 1 |