OpenStack Platform 13 - Contingency Planning

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

Control Name Status
CP-1 Contingency Planning Policy And Procedures

not applicable

CP-2 Contingency Plan

not applicable

CP-2 (1) Coordinate With Related Plans

not applicable

CP-2 (2) Capacity Planning

planned

CP-2 (3) Resume Essential Missions / Business Functions

not applicable

CP-2 (4) Resume All Missions / Business Functions

not applicable

CP-2 (5) Continue Essential Missions / Business Functions

not applicable

CP-2 (6) Alternate Processing / Storage Site
CP-2 (7) Coordinate With External Service Providers
CP-2 (8) Identify Critical Assets

not applicable

CP-3 Contingency Training

not applicable

CP-3 (1) Simulated Events

not applicable

CP-3 (2) Automated Training Environments
CP-4 Contingency Plan Testing

not applicable

CP-4 (1) Coordinate With Related Plans

not applicable

CP-4 (2) Alternate Processing Site

not applicable

CP-4 (3) Automated Testing
CP-4 (4) Full Recovery / Reconstitution
CP-5 Contingency Plan Update
CP-6 Alternate Storage Site

not applicable

CP-6 (1) Separation From Primary Site

not applicable

CP-6 (2) Recovery Time / Point Objectives

not applicable

CP-6 (3) Accessibility

not applicable

CP-7 Alternate Processing Site

not applicable

CP-7 (1) Separation From Primary Site

not applicable

CP-7 (2) Accessibility

not applicable

CP-7 (3) Priority Of Service

not applicable

CP-7 (4) Preparation For Use

not applicable

CP-7 (5) Equivalent Information Security Safeguards
CP-7 (6) Inability To Return To Primary Site
CP-8 Telecommunications Services

not applicable

CP-8 (1) Priority Of Service Provisions

not applicable

CP-8 (2) Single Points Of Failure

not applicable

CP-8 (3) Separation Of Primary / Alternate Providers

not applicable

CP-8 (4) Provider Contingency Plan

not applicable

CP-8 (5) Alternate Telecommunication Service Testing
CP-9 Information System Backup

planned

CP-9 (1) Testing For Reliability / Integrity

not applicable

CP-9 (2) Test Restoration Using Sampling

not applicable

CP-9 (3) Separate Storage For Critical Information

not applicable

CP-9 (4) Protection From Unauthorized Modification
CP-9 (5) Transfer To Alternate Storage Site

not applicable

CP-9 (6) Redundant Secondary System
CP-9 (7) Dual Authorization
CP-10 Information System Recovery And Reconstitution

planned

CP-10 (1) Contingency Plan Testing
CP-10 (2) Transaction Recovery

planned

CP-10 (3) Compensating Security Controls
CP-10 (4) Restore Within Time Period

not applicable

CP-10 (5) Failover Capability
CP-10 (6) Component Protection
CP-11 Alternate Communications Protocols
CP-12 Safe Mode
CP-13 Alternative Security Mechanisms



CP-1: Contingency Planning Policy And Procedures

The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: 1. A contingency planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2. Procedures to facilitate the implementation of the contingency planning policy and associated contingency planning controls; and b. Reviews and updates the current: 1. Contingency planning policy [Assignment: organization-defined frequency]; and 2. Contingency planning procedures [Assignment: organization-defined frequency].

CP-1 Control Response Information
Implementation Status: