CP-2: Contingency Plan
An OSCAL Control
Statement
-
a.
Develop a contingency plan for the system that:
-
1.
Identifies essential mission and business functions and associated contingency requirements;
-
2.
Provides recovery objectives, restoration priorities, and metrics;
-
3.
Addresses contingency roles, responsibilities, assigned individuals with contact information;
-
4.
Addresses maintaining essential mission and business functions despite a system disruption, compromise, or failure;
-
5.
Addresses eventual, full system restoration without deterioration of the controls originally planned and implemented;
-
6.
Addresses the sharing of contingency information; and
-
-
c.
Coordinate contingency planning activities with incident handling activities;
-
e.
Update the contingency plan to address changes to the organization, system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing;
-
g.
Incorporate lessons learned from contingency plan testing, training, or actual contingency activities into contingency testing and training; and
-
h.
Protect the contingency plan from unauthorized disclosure and modification.