800-53|CP-10

Title

INFORMATION SYSTEM RECOVERY AND RECONSTITUTION

Description

The organization provides for the recovery and reconstitution of the information system to a known state after a disruption, compromise, or failure.

Supplemental

Recovery is executing information system contingency plan activities to restore organizational missions/business functions. Reconstitution takes place following recovery and includes activities for returning organizational information systems to fully operational states. Recovery and reconstitution operations reflect mission and business priorities, recovery point/time and reconstitution objectives, and established organizational metrics consistent with contingency plan requirements. Reconstitution includes the deactivation of any interim information system capabilities that may have been needed during recovery operations. Reconstitution also includes assessments of fully restored information system capabilities, reestablishment of continuous monitoring activities, potential information system reauthorizations, and activities to prepare the systems against future disruptions, compromises, or failures. Recovery/reconstitution capabilities employed by organizations can include both automated mechanisms and manual procedures.

Reference Item Details

Related: CA-2, CA-6, CA-7, CP-2, CP-6, CP-7, CP-9, SC-24

Category: CONTINGENCY PLANNING

Family: CONTINGENCY PLANNING

Priority: P1

Baseline Impact: LOW, MODERATE, HIGH

Audit Items

Name | Plugin | Audit Name
1.2.4.2.1.3 Set 'Configure use of passwords for fixed data drives' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.1.4 Set 'Recovery Key' to 'Allow 256-bit recovery key' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.1.5 Set 'Recovery Password' to 'Allow 48-digit recovery password' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.1.9 Set 'Allow data recovery agent' to 'True' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.1.10 Set 'Choose how BitLocker-protected fixed drives can be recovered' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.1.11 Set 'Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' to 'False' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.1.12 Set 'Configure storage of BitLocker recovery information to AD DS:' to 'Backup recovery passwords and key packages' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.1.13 Set 'Save BitLocker recovery information to AD DS for fixed data drives' to 'False' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.1.14 Set 'Omit recovery options from the BitLocker setup wizard' to 'True' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.2.4 Set 'Recovery Key' to 'Do not allow 256-bit recovery key' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.2.5 Set 'Recovery Password' to 'Require 48-digit recovery password' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.2.9 Set 'Allow data recovery agent' to 'False' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.2.10 Set 'Choose how BitLocker-protected operating system drives can be recovered' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.2.11 Set 'Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' to 'True' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.2.12 Set 'Configure storage of BitLocker recovery information to AD DS:' to 'Store recovery passwords and key packages' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.2.13 Set 'Save BitLocker recovery information to AD DS for operating system drives' to 'True' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.2.14 Set 'Omit recovery options from the BitLocker setup wizard' to 'True' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.3.3 Set 'Configure use of passwords for removable data drives' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.3.4 Set 'Recovery Key' to 'Do not allow 256-bit recovery key' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.3.5 Set 'Recovery Password' to 'Do not allow 48-digit recovery password' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.3.9 Set 'Allow data recovery agent' to 'True' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.3.10 Set 'Choose how BitLocker-protected removable drives can be recovered' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.3.11 Set 'Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' to 'False' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.3.12 Set 'Configure storage of BitLocker recovery information to AD DS:' to 'Backup recovery passwords and key packages' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.3.14 Set 'Omit recovery options from the BitLocker setup wizard' to 'True' | Windows | CIS Windows 8 L1 v1.0.0
18.9.11.1.2 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.2 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.2 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True' | Windows | CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True' | Windows | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.4 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' | Windows | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.4 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.4 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' | Windows | CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.5 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' | Windows | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.5 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' | Windows | CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.5 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.6 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | Windows | CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.6 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.6 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | Windows | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.7 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False' | Windows | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.7 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.7 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False' | Windows | CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.8 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages' | Windows | CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.8 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages' | Windows | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.8 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.9 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False' | Windows | CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.10 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled' | Windows | CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.10 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled' | Windows | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.10 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0