OpenStack Platform 13 - Contingency Planning
Control responses for NIST 800-53 rev4.
Requirements Traceability Matrix
| Control | Name | Status |
|---|---|---|
| CP-1 | Contingency Planning Policy And Procedures |
not applicable |
| CP-2 | Contingency Plan |
not applicable |
| CP-2 (1) | Coordinate With Related Plans |
not applicable |
| CP-2 (2) | Capacity Planning |
planned |
| CP-2 (3) | Resume Essential Missions / Business Functions |
not applicable |
| CP-2 (4) | Resume All Missions / Business Functions |
not applicable |
| CP-2 (5) | Continue Essential Missions / Business Functions |
not applicable |
| CP-2 (6) | Alternate Processing / Storage Site |
unknown |
| CP-2 (7) | Coordinate With External Service Providers |
unknown |
| CP-2 (8) | Identify Critical Assets |
not applicable |
| CP-3 | Contingency Training |
not applicable |
| CP-3 (1) | Simulated Events |
not applicable |
| CP-3 (2) | Automated Training Environments |
unknown |
| CP-4 | Contingency Plan Testing |
not applicable |
| CP-4 (1) | Coordinate With Related Plans |
not applicable |
| CP-4 (2) | Alternate Processing Site |
not applicable |
| CP-4 (3) | Automated Testing |
unknown |
| CP-4 (4) | Full Recovery / Reconstitution |
unknown |
| CP-5 | Contingency Plan Update |
unknown |
| CP-6 | Alternate Storage Site |
not applicable |
| CP-6 (1) | Separation From Primary Site |
not applicable |
| CP-6 (2) | Recovery Time / Point Objectives |
not applicable |
| CP-6 (3) | Accessibility |
not applicable |
| CP-7 | Alternate Processing Site |
not applicable |
| CP-7 (1) | Separation From Primary Site |
not applicable |
| CP-7 (2) | Accessibility |
not applicable |
| CP-7 (3) | Priority Of Service |
not applicable |
| CP-7 (4) | Preparation For Use |
not applicable |
| CP-7 (5) | Equivalent Information Security Safeguards |
unknown |
| CP-7 (6) | Inability To Return To Primary Site |
unknown |
| CP-8 | Telecommunications Services |
not applicable |
| CP-8 (1) | Priority Of Service Provisions |
not applicable |
| CP-8 (2) | Single Points Of Failure |
not applicable |
| CP-8 (3) | Separation Of Primary / Alternate Providers |
not applicable |
| CP-8 (4) | Provider Contingency Plan |
not applicable |
| CP-8 (5) | Alternate Telecommunication Service Testing |
unknown |
| CP-9 | Information System Backup |
planned |
| CP-9 (1) | Testing For Reliability / Integrity |
not applicable |
| CP-9 (2) | Test Restoration Using Sampling |
not applicable |
| CP-9 (3) | Separate Storage For Critical Information |
not applicable |
| CP-9 (4) | Protection From Unauthorized Modification |
unknown |
| CP-9 (5) | Transfer To Alternate Storage Site |
not applicable |
| CP-9 (6) | Redundant Secondary System |
unknown |
| CP-9 (7) | Dual Authorization |
unknown |
| CP-10 | Information System Recovery And Reconstitution |
planned |
| CP-10 (1) | Contingency Plan Testing |
unknown |
| CP-10 (2) | Transaction Recovery |
planned |
| CP-10 (3) | Compensating Security Controls |
unknown |
| CP-10 (4) | Restore Within Time Period |
not applicable |
| CP-10 (5) | Failover Capability |
unknown |
| CP-10 (6) | Component Protection |
unknown |
| CP-11 | Alternate Communications Protocols |
unknown |
| CP-12 | Safe Mode |
unknown |
| CP-13 | Alternative Security Mechanisms |
unknown |
CP-1: Contingency Planning Policy And Procedures
The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: 1. A contingency planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2. Procedures to facilitate the implementation of the contingency planning policy and associated contingency planning controls; and b. Reviews and updates the current: 1. Contingency planning policy [Assignment: organization-defined frequency]; and 2. Contingency planning procedures [Assignment: organization-defined frequency].
|
|
|---|
| Implementation Status: |