Detections
Analytics

800-53|CP-2

Title

CONTINGENCY PLAN

Description

The organization:

Supplemental

Contingency planning for information systems is part of an overall organizational program for achieving continuity of operations for mission/business functions. Contingency planning addresses both information system restoration and implementation of alternative mission/business processes when systems are compromised. The effectiveness of contingency planning is maximized by considering such planning throughout the phases of the system development life cycle. Performing contingency planning on hardware, software, and firmware development can be an effective means of achieving information system resiliency. Contingency plans reflect the degree of restoration required for organizational information systems since not all systems may need to fully recover to achieve the level of continuity of operations desired. Information system recovery objectives reflect applicable laws, Executive Orders, directives, policies, standards, regulations, and guidelines. In addition to information system availability, contingency plans also address other security-related events resulting in a reduction in mission and/or business effectiveness, such as malicious attacks compromising the confidentiality or integrity of information systems. Actions addressed in contingency plans include, for example, orderly/graceful degradation, information system shutdown, fallback to a manual mode, alternate information flows, and operating in modes reserved for when systems are under attack. By closely coordinating contingency planning with incident handling activities, organizations can ensure that the necessary contingency planning activities are in place and activated in the event of a security incident.

Reference Item Details

Related: AC-14,CP-10,CP-6,CP-7,CP-8,CP-9,IR-4,IR-8,MP-2,MP-4,MP-5,PM-11,PM-8

Category: CONTINGENCY PLANNING

Family: CONTINGENCY PLANNING

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.1.5 Disaster Recovery (DR) PlanUnixCIS Oracle MySQL Community Server 8.4 v1.1.0 L1 MySQL RDBMS on Linux Unix
2.1.5 Disaster Recovery (DR) PlanUnixCIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS Unix
2.1.5 Disaster Recovery (DR) PlanUnixCIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS on Linux Unix
2.1.5 Disaster Recovery (DR) PlanUnixCIS Oracle MySQL Community Server 8.4 v1.1.0 L1 MySQL RDBMS Unix
2.1.6 Disaster Recovery (DR) PlanWindowsCIS MySQL 5.7 Enterprise Windows OS L1 v2.0.0
2.1.6 Disaster Recovery (DR) PlanUnixCIS Oracle MySQL Enterprise Edition 8.4 v1.1.0 L1 MySQL RDBMS Unix
2.1.6 Disaster Recovery (DR) PlanWindowsCIS MySQL 5.6 Community Windows OS L1 v2.0.0
2.1.6 Disaster Recovery (DR) PlanWindowsCIS MySQL 5.7 Community Windows OS L1 v2.0.0
2.1.6 Disaster Recovery (DR) PlanMySQLDBCIS MariaDB 10.6 Database L1 v1.1.0
2.1.6 Disaster Recovery (DR) PlanUnixCIS MySQL 5.6 Community Linux OS L1 v2.0.0
2.1.6 Disaster Recovery (DR) PlanUnixCIS MySQL 5.7 Community Linux OS L1 v2.0.0
2.1.6 Disaster Recovery (DR) PlanUnixCIS Oracle MySQL Enterprise Edition 8.4 v1.1.0 L1 MySQL RDBMS on Linux Unix
2.1.6 Disaster Recovery (DR) PlanUnixCIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L1 MySQL RDBMS Unix
2.1.6 Disaster Recovery (DR) PlanUnixCIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L1 MySQL RDBMS on Linux Unix
2.1.6 Disaster Recovery (DR) PlanMySQLDBCIS MySQL 5.6 Community Database L1 v2.0.0
2.1.6 Disaster Recovery (DR) PlanUnixCIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0
2.1.6 Disaster recovery planMySQLDBCIS MySQL 5.6 Enterprise Database L1 v2.0.0
2.1.6 Disaster recovery planWindowsCIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0
2.1.6 Disaster recovery planUnixCIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0
4.3 Ensure that the DATA_RETENTION_TIME_IN_DAYS parameter is set to 90 for critical dataSnowflakeCIS Snowflake Foundations v1.0.0 L2
8.3.5 Ensure 'Purge protection' is set to 'Enabled'microsoft_azureCIS Microsoft Azure Foundations v5.0.0 L1
9.1.1 Ensure soft delete for Azure File Shares is Enabledmicrosoft_azureCIS Microsoft Azure Foundations v5.0.0 L1
9.2.1 Ensure that soft delete for blobs on Azure Blob Storage storage accounts is Enabledmicrosoft_azureCIS Microsoft Azure Foundations v5.0.0 L1
9.2.2 Ensure that soft delete for containers on Azure Blob Storage storage accounts is Enabledmicrosoft_azureCIS Microsoft Azure Foundations v5.0.0 L1
9.2.3 Ensure 'Versioning' is set to 'Enabled' on Azure Blob Storage storage accountsmicrosoft_azureCIS Microsoft Azure Foundations v5.0.0 L2
9.3.11 Ensure Redundancy is set to 'geo-redundant storage (GRS)' on critical Azure Storage Accountsmicrosoft_azureCIS Microsoft Azure Foundations v5.0.0 L2
MS.DEFENDER.4.5v1 - A list of apps that are restricted from accessing files protected by DLP policy SHOULD be defined.microsoft_azureCISA SCuBA Microsoft 365 Defender v1.5.0
MS.DEFENDER.4.6v1 - The custom policy SHOULD include an action to block access to sensitivemicrosoft_azureCISA SCuBA Microsoft 365 Defender v1.5.0