Ansible Tower - Contingency Planning

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

Control Name Status
CP-1 Contingency Planning Policy And Procedures

not applicable

CP-2 Contingency Plan

not applicable

CP-2 (1) Coordinate With Related Plans

not applicable

CP-2 (2) Capacity Planning

complete

CP-2 (3) Resume Essential Missions / Business Functions

not applicable

CP-2 (4) Resume All Missions / Business Functions

not applicable

CP-2 (5) Continue Essential Missions / Business Functions

not applicable

CP-2 (6) Alternate Processing / Storage Site

complete

CP-2 (7) Coordinate With External Service Providers

not applicable

CP-2 (8) Identify Critical Assets

not applicable

CP-3 Contingency Training

not applicable

CP-3 (1) Simulated Events

not applicable

CP-3 (2) Automated Training Environments

not applicable

CP-4 Contingency Plan Testing

not applicable

CP-4 (1) Coordinate With Related Plans

not applicable

CP-4 (2) Alternate Processing Site

not applicable

CP-4 (3) Automated Testing

not applicable

CP-4 (4) Full Recovery / Reconstitution

not applicable

CP-5 Contingency Plan Update

not applicable

CP-6 Alternate Storage Site

not applicable

CP-6 (1) Separation From Primary Site

not applicable

CP-6 (2) Recovery Time / Point Objectives

not applicable

CP-6 (3) Accessibility

not applicable

CP-7 Alternate Processing Site

not applicable

CP-7 (1) Separation From Primary Site

not applicable

CP-7 (2) Accessibility

not applicable

CP-7 (3) Priority Of Service

not applicable

CP-7 (4) Preparation For Use

not applicable

CP-7 (5) Equivalent Information Security Safeguards

not applicable

CP-7 (6) Inability To Return To Primary Site

not applicable

CP-8 Telecommunications Services

not applicable

CP-8 (1) Priority Of Service Provisions

not applicable

CP-8 (2) Single Points Of Failure

not applicable

CP-8 (3) Separation Of Primary / Alternate Providers

not applicable

CP-8 (4) Provider Contingency Plan

not applicable

CP-8 (5) Alternate Telecommunication Service Testing

not applicable

CP-9 Information System Backup

complete

CP-9 (1) Testing For Reliability / Integrity

not applicable

CP-9 (2) Test Restoration Using Sampling

complete

CP-9 (3) Separate Storage For Critical Information

not applicable

CP-9 (4) Protection From Unauthorized Modification

not applicable

CP-9 (5) Transfer To Alternate Storage Site

not applicable

CP-9 (6) Redundant Secondary System

complete

CP-9 (7) Dual Authorization

not applicable

CP-10 Information System Recovery And Reconstitution

complete

CP-10 (1) Contingency Plan Testing

not applicable

CP-10 (2) Transaction Recovery

not applicable

CP-10 (3) Compensating Security Controls

not applicable

CP-10 (4) Restore Within Time Period

complete

CP-10 (5) Failover Capability

not applicable

CP-10 (6) Component Protection

not applicable

CP-11 Alternate Communications Protocols

not applicable

CP-12 Safe Mode

not applicable

CP-13 Alternative Security Mechanisms

not applicable




CP-1: Contingency Planning Policy And Procedures

The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: 1. A contingency planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2. Procedures to facilitate the implementation of the contingency planning policy and associated contingency planning controls; and b. Reviews and updates the current: 1. Contingency planning policy [Assignment: organization-defined frequency]; and 2. Contingency planning procedures [Assignment: organization-defined frequency].

CP-1 Control Response Information
Implementation Status:

not applicable

CP-1: What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-2: Contingency Plan

The organization: a. Develops a contingency plan for the information system that: 1. Identifies essential missions and business functions and associated contingency requirements; 2. Provides recovery objectives, restoration priorities, and metrics; 3. Addresses contingency roles, responsibilities, assigned individuals with contact information; 4. Addresses maintaining essential missions and business functions despite an information system disruption, compromise, or failure; 5. Addresses eventual, full information system restoration without deterioration of the security safeguards originally planned and implemented; and 6. Is reviewed and approved by [Assignment: organization-defined personnel or roles]; b. Distributes copies of the contingency plan to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; c. Coordinates contingency planning activities with incident handling activities; d. Reviews the contingency plan for the information system [Assignment: organization-defined frequency]; e. Updates the contingency plan to address changes to the organization, information system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing; f. Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and g. Protects the contingency plan from unauthorized disclosure and modification.

CP-2 Control Response Information
Implementation Status:

not applicable

CP-2: What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-2 (1): Coordinate With Related Plans

“The organization coordinates contingency plan development with organizational elements responsible for related plans.”

CP-2 (1) Control Response Information
Implementation Status:

not applicable

CP-2 (1): What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-2 (2): Capacity Planning

“The organization conducts capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations.”

CP-2 (2) Control Response Information
Implementation Status:

complete

CP-2 (2): What is the solution and how is it implemented?

The Ansible Tower capacity system determines how many jobs can run on an instance given the amount of resources available to the instance and the size of the jobs that are running.

The “Ansible Tower Capacity Determination and Job Impact” section of the Ansible Tower User’s Guide outlines resource determination factors relevant to capacity planning. That document can be found online at:

https://docs.ansible.com/ansible-tower/latest/html/userguide/jobs.html#at-capacity-determination-and-job-impact




CP-2 (3): Resume Essential Missions / Business Functions

“The organization plans for the resumption of essential missions and business functions within [Assignment: organization-defined time period] of contingency plan activation.”

CP-2 (3) Control Response Information
Implementation Status:

not applicable

CP-2 (3): What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-2 (4): Resume All Missions / Business Functions

“The organization plans for the resumption of all missions and business functions within [Assignment: organization-defined time period] of contingency plan activation.”

CP-2 (4) Control Response Information
Implementation Status:

not applicable

CP-2 (4): What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-2 (5): Continue Essential Missions / Business Functions

“The organization plans for the continuance of essential missions and business functions with little or no loss of operational continuity and sustains that continuity until full information system restoration at primary processing and/or storage sites.”

CP-2 (5) Control Response Information
Implementation Status:

not applicable

CP-2 (5): What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-2 (6): Alternate Processing / Storage Site

“The organization plans for the transfer of essential missions and business functions to alternate processing and/or storage sites with little or no loss of operational continuity and sustains that continuity through information system restoration to primary processing and/or storage sites.”

CP-2 (6) Control Response Information
Implementation Status:

complete

CP-2 (6): What is the solution and how is it implemented?

Ansible Tower installations can occur in a High Availabiltiy (HA) configuration. In this configuration, Tower runs with a single active node, called the Primary Instance, and any number of inactive nodes, called Secondary Instances.

Secondary Instances can become Primary Instances at any time, with certain caveats. Running in a high-availability setup requires any database that Ansible Tower uses to be external – Postgres and MongoDB must be installed on a machine that is not one of the primary or secondary Ansible Tower nodes.

Ansible Tower’s HA mode offers a standby Ansible Tower infrastructure that can become active in case of infrastructure failure – avoiding single points of failure. HA mode is not meant to run in an active/passive or multi-master mode, and is not a mechanism for horizontally scaling the Ansible Tower service. Further, failover to a secondary instance is not automatic and must be user triggered.

For instructions on how to install Ansible Tower into an HA configuration, refer to the Ansible Tower Installation and Reference Guide:

https://docs.ansible.com/ansible-tower/




CP-2 (7): Coordinate With External Service Providers

“The organization coordinates its contingency plan with the contingency plans of external service providers to ensure that contingency requirements can be satisfied.”

CP-2 (7) Control Response Information
Implementation Status:

not applicable

CP-2 (7): What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-2 (8): Identify Critical Assets

“The organization identifies critical information system assets supporting essential missions and business functions.”

CP-2 (8) Control Response Information
Implementation Status:

not applicable

CP-2 (8): What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-3: Contingency Training

The organization provides contingency training to information system users consistent with assigned roles and responsibilities: a. Within [Assignment: organization-defined time period] of assuming a contingency role or responsibility; b. When required by information system changes; and c. [Assignment: organization-defined frequency] thereafter.

CP-3 Control Response Information
Implementation Status:

not applicable

CP-3: What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-3 (1): Simulated Events

“The organization incorporates simulated events into contingency training to facilitate effective response by personnel in crisis situations.”

CP-3 (1) Control Response Information
Implementation Status:

not applicable

CP-3 (1): What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-3 (2): Automated Training Environments

“The organization employs automated mechanisms to provide a more thorough and realistic contingency training environment.”

CP-3 (2) Control Response Information
Implementation Status:

not applicable

CP-3 (2): What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-4: Contingency Plan Testing

The organization: a. Tests the contingency plan for the information system [Assignment: organization-defined frequency] using [Assignment: organization-defined tests] to determine the effectiveness of the plan and the organizational readiness to execute the plan; b. Reviews the contingency plan test results; and c. Initiates corrective actions, if needed.

CP-4 Control Response Information
Implementation Status:

not applicable

CP-4: What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-4 (1): Coordinate With Related Plans

“The organization coordinates contingency plan testing with organizational elements responsible for related plans.”

CP-4 (1) Control Response Information
Implementation Status:

not applicable

CP-4 (1): What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-4 (2): Alternate Processing Site

The organization tests the contingency plan at the alternate processing site: (2)(a). To familiarize contingency personnel with the facility and available resources; and (2)(b). To evaluate the capabilities of the alternate processing site to support contingency operations.

CP-4 (2) Control Response Information
Implementation Status:

not applicable

CP-4 (2): What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-4 (3): Automated Testing

“The organization employs automated mechanisms to more thoroughly and effectively test the contingency plan.”

CP-4 (3) Control Response Information
Implementation Status:

not applicable

CP-4 (3): What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-4 (4): Full Recovery / Reconstitution

“The organization includes a full recovery and reconstitution of the information system to a known state as part of contingency plan testing.”

CP-4 (4) Control Response Information
Implementation Status:

not applicable

CP-4 (4): What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-5: Contingency Plan Update

“[Withdrawn: Incorporated into CP-2].”

CP-5 Control Response Information
Implementation Status:

not applicable

CP-5: What is the solution and how is it implemented?

This control was withdrawn by NIST.




CP-6: Alternate Storage Site

The organization: a. Establishes an alternate storage site including necessary agreements to permit the storage and retrieval of information system backup information; and b. Ensures that the alternate storage site provides information security safeguards equivalent to that of the primary site.

CP-6 Control Response Information
Implementation Status:

not applicable

CP-6: What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-6 (1): Separation From Primary Site

“The organization identifies an alternate storage site that is separated from the primary storage site to reduce susceptibility to the same threats.”

CP-6 (1) Control Response Information
Implementation Status:

not applicable

CP-6 (1): What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-6 (2): Recovery Time / Point Objectives

“The organization configures the alternate storage site to facilitate recovery operations in accordance with recovery time and recovery point objectives.”

CP-6 (2) Control Response Information
Implementation Status:

not applicable

CP-6 (2): What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-6 (3): Accessibility

“The organization identifies potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.”

CP-6 (3) Control Response Information
Implementation Status:

not applicable

CP-6 (3): What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-7: Alternate Processing Site

The organization: a. Establishes an alternate processing site including necessary agreements to permit the transfer and resumption of [Assignment: organization-defined information system operations] for essential missions/business functions within [Assignment: organization-defined time period consistent with recovery time and recovery point objectives] when the primary processing capabilities are unavailable; b. Ensures that equipment and supplies required to transfer and resume operations are available at the alternate processing site or contracts are in place to support delivery to the site within the organization-defined time period for transfer/resumption; and c. Ensures that the alternate processing site provides information security safeguards equivalent to those of the primary site.

CP-7 Control Response Information
Implementation Status:

not applicable

CP-7: What is the solution and how is it implemented?

This is an organizational control outside the scope of component-level configuration.




CP-7 (1): Separation From Primary Site

“The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats.”

CP-7 (1) Control Response Information
Implementation Status: