Red Hat Virtualization Host - Contingency Planning

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

| Control | Name | Status |
|---|---|---|
| CP-1 | Contingency Planning Policy And Procedures | not applicable |
| CP-2 | Contingency Plan | not applicable |
| CP-2 (1) | Coordinate With Related Plans | |
| CP-2 (2) | Capacity Planning | |
| CP-2 (3) | Resume Essential Missions / Business Functions | |
| CP-2 (4) | Resume All Missions / Business Functions | |
| CP-2 (5) | Continue Essential Missions / Business Functions | |
| CP-2 (6) | Alternate Processing / Storage Site | |
| CP-2 (7) | Coordinate With External Service Providers | |
| CP-2 (8) | Identify Critical Assets | |
| CP-3 | Contingency Training | not applicable |
| CP-3 (1) | Simulated Events | |
| CP-3 (2) | Automated Training Environments | |
| CP-4 | Contingency Plan Testing | not applicable |
| CP-4 (1) | Coordinate With Related Plans | |
| CP-4 (2) | Alternate Processing Site | |
| CP-4 (3) | Automated Testing | |
| CP-4 (4) | Full Recovery / Reconstitution | |
| CP-5 | Contingency Plan Update | |
| CP-6 | Alternate Storage Site | |
| CP-6 (1) | Separation From Primary Site | |
| CP-6 (2) | Recovery Time / Point Objectives | |
| CP-6 (3) | Accessibility | |
| CP-7 | Alternate Processing Site | |
| CP-7 (1) | Separation From Primary Site | |
| CP-7 (2) | Accessibility | |
| CP-7 (3) | Priority Of Service | |
| CP-7 (4) | Preparation For Use | |
| CP-7 (5) | Equivalent Information Security Safeguards | |
| CP-7 (6) | Inability To Return To Primary Site | |
| CP-8 | Telecommunications Services | |
| CP-8 (1) | Priority Of Service Provisions | |
| CP-8 (2) | Single Points Of Failure | |
| CP-8 (3) | Separation Of Primary / Alternate Providers | |
| CP-8 (4) | Provider Contingency Plan | |
| CP-8 (5) | Alternate Telecommunication Service Testing | |
| CP-9 | Information System Backup | not applicable |
| CP-9 (1) | Testing For Reliability / Integrity | |
| CP-9 (2) | Test Restoration Using Sampling | |
| CP-9 (3) | Separate Storage For Critical Information | |
| CP-9 (4) | Protection From Unauthorized Modification | |
| CP-9 (5) | Transfer To Alternate Storage Site | |
| CP-9 (6) | Redundant Secondary System | |
| CP-9 (7) | Dual Authorization | |
| CP-10 | Information System Recovery And Reconstitution | not applicable |
| CP-10 (1) | Contingency Plan Testing | |
| CP-10 (2) | Transaction Recovery | |
| CP-10 (3) | Compensating Security Controls | |
| CP-10 (4) | Restore Within Time Period | |
| CP-10 (5) | Failover Capability | |
| CP-10 (6) | Component Protection | |
| CP-11 | Alternate Communications Protocols | |
| CP-12 | Safe Mode | |
| CP-13 | Alternative Security Mechanisms | |



CP-1: Contingency Planning Policy And Procedures

The organization:
a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
   1. A contingency planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
   2. Procedures to facilitate the implementation of the contingency planning policy and associated contingency planning controls; and
b. Reviews and updates the current:
   1. Contingency planning policy [Assignment: organization-defined frequency]; and
   2. Contingency planning procedures [Assignment: organization-defined frequency].

CP-1 Control Response Information
Implementation Status: not applicable

CP-1: What is the solution and how is it implemented?
CP-1(a):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’

CP-1(b):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’




CP-2: Contingency Plan

The organization:
a. Develops a contingency plan for the information system that:
   1. Identifies essential missions and business functions and associated contingency requirements;
   2. Provides recovery objectives, restoration priorities, and metrics;
   3. Addresses contingency roles, responsibilities, assigned individuals with contact information;
   4. Addresses maintaining essential missions and business functions despite an information system disruption, compromise, or failure;
   5. Addresses eventual, full information system restoration without deterioration of the security safeguards originally planned and implemented; and
   6. Is reviewed and approved by [Assignment: organization-defined personnel or roles];
b. Distributes copies of the contingency plan to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements];
c. Coordinates contingency planning activities with incident handling activities;
d. Reviews the contingency plan for the information system [Assignment: organization-defined frequency];
e. Updates the contingency plan to address changes to the organization, information system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing;
f. Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and
g. Protects the contingency plan from unauthorized disclosure and modification.

CP-2 Control Response Information
Implementation Status: not applicable

CP-2: What is the solution and how is it implemented?
CP-2(a):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’

CP-2(b):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’

CP-2(c):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’

CP-2(d):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’

CP-2(e):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’

CP-2(f):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’

CP-2(g):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’




CP-2 (1): Coordinate With Related Plans

“The organization coordinates contingency plan development with organizational elements responsible for related plans.”

CP-2 (1) Control Response Information
Implementation Status:
CP-2 (1): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



CP-2 (2): Capacity Planning

“The organization conducts capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations.”

CP-2 (2) Control Response Information
Implementation Status:
CP-2 (2): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



CP-2 (3): Resume Essential Missions / Business Functions

“The organization plans for the resumption of essential missions and business functions within [Assignment: organization-defined time period] of contingency plan activation.”

CP-2 (3) Control Response Information
Implementation Status:
CP-2 (3): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



CP-2 (4): Resume All Missions / Business Functions

“The organization plans for the resumption of all missions and business functions within [Assignment: organization-defined time period] of contingency plan activation.”

CP-2 (4) Control Response Information
Implementation Status:
CP-2 (4): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



CP-2 (5): Continue Essential Missions / Business Functions

“The organization plans for the continuance of essential missions and business functions with little or no loss of operational continuity and sustains that continuity until full information system restoration at primary processing and/or storage sites.”

CP-2 (5) Control Response Information
Implementation Status:
CP-2 (5): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



CP-2 (6): Alternate Processing / Storage Site

“The organization plans for the transfer of essential missions and business functions to alternate processing and/or storage sites with little or no loss of operational continuity and sustains that continuity through information system restoration to primary processing and/or storage sites.”

CP-2 (6) Control Response Information
Implementation Status:
CP-2 (6): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



CP-2 (7): Coordinate With External Service Providers

“The organization coordinates its contingency plan with the contingency plans of external service providers to ensure that contingency requirements can be satisfied.”

CP-2 (7) Control Response Information
Implementation Status:
CP-2 (7): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



CP-2 (8): Identify Critical Assets

“The organization identifies critical information system assets supporting essential missions and business functions.”

CP-2 (8) Control Response Information
Implementation Status:
CP-2 (8): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



CP-3: Contingency Training

The organization provides contingency training to information system users consistent with assigned roles and responsibilities:
a. Within [Assignment: organization-defined time period] of assuming a contingency role or responsibility;
b. When required by information system changes; and
c. [Assignment: organization-defined frequency] thereafter.

CP-3 Control Response Information
Implementation Status: not applicable

CP-3: What is the solution and how is it implemented?
CP-3(a):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’

CP-3(b):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’

CP-3(c):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’




CP-3 (1): Simulated Events

“The organization incorporates simulated events into contingency training to facilitate effective response by personnel in crisis situations.”

CP-3 (1) Control Response Information
Implementation Status:
CP-3 (1): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



CP-3 (2): Automated Training Environments

“The organization employs automated mechanisms to provide a more thorough and realistic contingency training environment.”

CP-3 (2) Control Response Information
Implementation Status:
CP-3 (2): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



CP-4: Contingency Plan Testing

The organization:
a. Tests the contingency plan for the information system [Assignment: organization-defined frequency] using [Assignment: organization-defined tests] to determine the effectiveness of the plan and the organizational readiness to execute the plan;
b. Reviews the contingency plan test results; and
c. Initiates corrective actions, if needed.

CP-4 Control Response Information
Implementation Status: not applicable

CP-4: What is the solution and how is it implemented?
CP-4(a):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’

CP-4(b):

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat Virtualization Host (RHVH).’




CP-4 (1): Coordinate With Related Plans

“The organization coordinates contingency plan testing with organizational elements responsible for related plans.”

CP-4 (1) Control Response Information
Implementation Status:
CP-4 (1): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



CP-4 (2): Alternate Processing Site

The organization tests the contingency plan at the alternate processing site:
(2)(a). To familiarize contingency personnel with the facility and available resources; and
(2)(b). To evaluate the capabilities of the alternate processing site to support contingency operations.

CP-4 (2) Control Response Information
Implementation Status:
CP-4 (2): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



CP-4 (3): Automated Testing

“The organization employs automated mechanisms to more thoroughly and effectively test the contingency plan.”

CP-4 (3) Control Response Information
Implementation Status:
CP-4 (3): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.



CP-4 (4): Full Recovery / Reconstitution

“The organization includes a full recovery and reconstitution of the information system to a known state as part of contingency plan testing.”

CP-4 (4) Control Response Information
Implementation Status:
CP-4 (4): What is the solution and how is it implemented?
This control has not been evaluated in the context of Red Hat Virtualization Host.