Skip to content

CP-4: Contingency Plan Testing

An OSCAL Control

Statement

    • a.

      Test the contingency plan for the system using the following tests to determine the effectiveness of the plan and the readiness to execute the plan: .

    • b.

      Review the contingency plan test results; and

    • c.

      Initiate corrective actions, if needed.

      • (a) Requirement:

        The service provider develops test plans in accordance with NIST Special Publication 800-34 (as amended); plans are approved by the JAB/AO prior to initiating testing.

      • (b) Requirement:

        The service provider must include the Contingency Plan test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report).