OpenShift Container Platform 3.x - Contingency Planning

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

| Control | Name | Status |
|---|---|---|
| CP-1 | Contingency Planning Policy And Procedures | not applicable |
| CP-2 | Contingency Plan | not applicable |
| CP-2 (1) | Coordinate With Related Plans | not applicable |
| CP-2 (2) | Capacity Planning | not applicable |
| CP-2 (3) | Resume Essential Missions / Business Functions | not applicable |
| CP-2 (4) | Resume All Missions / Business Functions | not applicable |
| CP-2 (5) | Continue Essential Missions / Business Functions | not applicable |
| CP-2 (6) | Alternate Processing / Storage Site | not applicable |
| CP-2 (7) | Coordinate With External Service Providers | not applicable |
| CP-2 (8) | Identify Critical Assets | not applicable |
| CP-3 | Contingency Training | not applicable |
| CP-3 (1) | Simulated Events | not applicable |
| CP-3 (2) | Automated Training Environments | not applicable |
| CP-4 | Contingency Plan Testing | not applicable |
| CP-4 (1) | Coordinate With Related Plans | not applicable |
| CP-4 (2) | Alternate Processing Site | not applicable |
| CP-4 (3) | Automated Testing | not applicable |
| CP-4 (4) | Full Recovery / Reconstitution | not applicable |
| CP-5 | Contingency Plan Update | |
| CP-6 | Alternate Storage Site | not applicable |
| CP-6 (1) | Separation From Primary Site | not applicable |
| CP-6 (2) | Recovery Time / Point Objectives | not applicable |
| CP-6 (3) | Accessibility | not applicable |
| CP-7 | Alternate Processing Site | not applicable |
| CP-7 (1) | Separation From Primary Site | not applicable |
| CP-7 (2) | Accessibility | not applicable |
| CP-7 (3) | Priority Of Service | not applicable |
| CP-7 (4) | Preparation For Use | not applicable |
| CP-7 (5) | Equivalent Information Security Safeguards | not applicable |
| CP-7 (6) | Inability To Return To Primary Site | not applicable |
| CP-8 | Telecommunications Services | not applicable |
| CP-8 (1) | Priority Of Service Provisions | not applicable |
| CP-8 (2) | Single Points Of Failure | not applicable |
| CP-8 (3) | Separation Of Primary / Alternate Providers | not applicable |
| CP-8 (4) | Provider Contingency Plan | not applicable |
| CP-8 (5) | Alternate Telecommunication Service Testing | not applicable |
| CP-9 | Information System Backup | planned |
| CP-9 (1) | Testing For Reliability / Integrity | not applicable |
| CP-9 (2) | Test Restoration Using Sampling | |
| CP-9 (3) | Separate Storage For Critical Information | not applicable |
| CP-9 (4) | Protection From Unauthorized Modification | |
| CP-9 (5) | Transfer To Alternate Storage Site | not applicable |
| CP-9 (6) | Redundant Secondary System | not applicable |
| CP-9 (7) | Dual Authorization | not applicable |
| CP-10 | Information System Recovery And Reconstitution | planned |
| CP-10 (1) | Contingency Plan Testing | |
| CP-10 (2) | Transaction Recovery | |
| CP-10 (3) | Compensating Security Controls | |
| CP-10 (4) | Restore Within Time Period | |
| CP-10 (5) | Failover Capability | |
| CP-10 (6) | Component Protection | |
| CP-11 | Alternate Communications Protocols | |
| CP-12 | Safe Mode | |
| CP-13 | Alternative Security Mechanisms | |



CP-1: Contingency Planning Policy And Procedures

The organization:

a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
   1. A contingency planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
   2. Procedures to facilitate the implementation of the contingency planning policy and associated contingency planning controls; and

b. Reviews and updates the current:
   1. Contingency planning policy [Assignment: organization-defined frequency]; and
   2. Contingency planning procedures [Assignment: organization-defined frequency].

CP-1 Control Response Information
Implementation Status:

not applicable

CP-1: What is the solution and how is it implemented?

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of OpenShift.’




CP-2: Contingency Plan

The organization:

a. Develops a contingency plan for the information system that:
   1. Identifies essential missions and business functions and associated contingency requirements;
   2. Provides recovery objectives, restoration priorities, and metrics;
   3. Addresses contingency roles, responsibilities, assigned individuals with contact information;
   4. Addresses maintaining essential missions and business functions despite an information system disruption, compromise, or failure;
   5. Addresses eventual, full information system restoration without deterioration of the security safeguards originally planned and implemented; and
   6. Is reviewed and approved by [Assignment: organization-defined personnel or roles];

b. Distributes copies of the contingency plan to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements];

c. Coordinates contingency planning activities with incident handling activities;

d. Reviews the contingency plan for the information system [Assignment: organization-defined frequency];

e. Updates the contingency plan to address changes to the organization, information system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing;

f. Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and

g. Protects the contingency plan from unauthorized disclosure and modification.

CP-2 Control Response Information
Implementation Status:

not applicable

CP-2: What is the solution and how is it implemented?

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of OpenShift.’




CP-2 (1): Coordinate With Related Plans

“The organization coordinates contingency plan development with organizational elements responsible for related plans.”

CP-2 (1) Control Response Information
Implementation Status:

not applicable

CP-2 (1): What is the solution and how is it implemented?

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of OpenShift.’




CP-2 (2): Capacity Planning

“The organization conducts capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations.”

CP-2 (2) Control Response Information
Implementation Status:

not applicable

CP-2 (2): What is the solution and how is it implemented?

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of OpenShift.’




CP-2 (3): Resume Essential Missions / Business Functions

“The organization plans for the resumption of essential missions and business functions within [Assignment: organization-defined time period] of contingency plan activation.”

CP-2 (3) Control Response Information
Implementation Status:

not applicable

CP-2 (3): What is the solution and how is it implemented?

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of OpenShift.’




CP-2 (4): Resume All Missions / Business Functions

“The organization plans for the resumption of all missions and business functions within [Assignment: organization-defined time period] of contingency plan activation.”

CP-2 (4) Control Response Information
Implementation Status:

not applicable

CP-2 (4): What is the solution and how is it implemented?

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of OpenShift.’




CP-2 (5): Continue Essential Missions / Business Functions

“The organization plans for the continuance of essential missions and business functions with little or no loss of operational continuity and sustains that continuity until full information system restoration at primary processing and/or storage sites.”

CP-2 (5) Control Response Information
Implementation Status:

not applicable

CP-2 (5): What is the solution and how is it implemented?

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of OpenShift.’




CP-2 (6): Alternate Processing / Storage Site

“The organization plans for the transfer of essential missions and business functions to alternate processing and/or storage sites with little or no loss of operational continuity and sustains that continuity through information system restoration to primary processing and/or storage sites.”

CP-2 (6) Control Response Information
Implementation Status:

not applicable