compliance controls are associated with this Policy definition 'Conduct capacity planning' (33602e78-35e3-4f06-17fb-13dd887448e4)

| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| FedRAMP_High_R4 | CP-2(2) | FedRAMP_High_R4_CP-2(2) | FedRAMP High CP-2 (2) | Contingency Planning | Capacity Planning | Shared | n/a | The organization conducts capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations. Supplemental Guidance: Capacity planning is needed because different types of threats (e.g., natural disasters, targeted cyber attacks) can result in a reduction of the available processing, telecommunications, and support services originally intended to support the organizational missions/business functions. Organizations may need to anticipate degraded operations during contingency operations and factor such degradation into capacity planning. | link | 1 |
| FedRAMP_Moderate_R4 | CP-2(2) | FedRAMP_Moderate_R4_CP-2(2) | FedRAMP Moderate CP-2 (2) | Contingency Planning | Capacity Planning | Shared | n/a | The organization conducts capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations. Supplemental Guidance: Capacity planning is needed because different types of threats (e.g., natural disasters, targeted cyber attacks) can result in a reduction of the available processing, telecommunications, and support services originally intended to support the organizational missions/business functions. Organizations may need to anticipate degraded operations during contingency operations and factor such degradation into capacity planning. | link | 1 |
| hipaa | 1602.12c1Organizational.4567-12.c | hipaa-1602.12c1Organizational.4567-12.c | 1602.12c1Organizational.4567-12.c | 16 Business Continuity & Disaster Recovery | 1602.12c1Organizational.4567-12.c 12.01 Information Security Aspects of Business Continuity Management | Shared | n/a | The contingency program addresses required capacity, identifies critical missions and business functions, defines recovery objectives and priorities, and identifies roles and responsibilities. | | 3 |
| hipaa | 1638.12b2Organizational.345-12.b | hipaa-1638.12b2Organizational.345-12.b | 1638.12b2Organizational.345-12.b | 16 Business Continuity & Disaster Recovery | 1638.12b2Organizational.345-12.b 12.01 Information Security Aspects of Business Continuity Management | Shared | n/a | Business continuity risk assessments: (i) are carried out annually with full involvement from owners of business resources and processes; (ii) consider all business processes and is not limited to the information assets, but includes the results specific to information security; and, (iii) identifies, quantifies, and prioritizes risks against key business objectives and criteria relevant to the organization, including critical resources, impacts of disruptions, allowable outage times, and recovery priorities. | | 5 |
| ISO27001-2013 | A.12.1.3 | ISO27001-2013_A.12.1.3 | ISO 27001:2013 A.12.1.3 | Operations Security | Capacity management | Shared | n/a | The use of resources shall be monitored, tuned, and projections made of future capacity requirements to ensure the required system performance. | link | 2 |
| | mp.s.4 Protection against denial of service | mp.s.4 Protection against denial of service | 404 not found | | | | n/a | n/a | | 7 |
| NIST_SP_800-53_R4 | CP-2(2) | NIST_SP_800-53_R4_CP-2(2) | NIST SP 800-53 Rev. 4 CP-2 (2) | Contingency Planning | Capacity Planning | Shared | n/a | The organization conducts capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations. Supplemental Guidance: Capacity planning is needed because different types of threats (e.g., natural disasters, targeted cyber attacks) can result in a reduction of the available processing, telecommunications, and support services originally intended to support the organizational missions/business functions. Organizations may need to anticipate degraded operations during contingency operations and factor such degradation into capacity planning. | link | 1 |
| NIST_SP_800-53_R5 | CP-2(2) | NIST_SP_800-53_R5_CP-2(2) | NIST SP 800-53 Rev. 5 CP-2 (2) | Contingency Planning | Capacity Planning | Shared | n/a | Conduct capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations. | link | 1 |
| | op.pl.4 Sizing and capacity management | op.pl.4 Sizing and capacity management | 404 not found | | | | n/a | n/a | | 12 |
| SOC_2 | A1.1 | SOC_2_A1.1 | SOC 2 Type 2 A1.1 | Additional Criteria For Availability | Capacity management | Shared | The customer is responsible for implementing this recommendation. | The entity maintains, monitors, and evaluates current processing capacity and use of system components (infrastructure, data, and software) to manage capacity demand and to enable the implementation of additional capacity to help meet its objectives. The following points of focus, which apply only to an engagement using the trust services criteria for availability, highlight important characteristics relating to this criterion: • Measures Current Usage — The use of the system components is measured to establish a baseline for capacity management and to use when evaluating the risk of impaired availability due to capacity constraints. • Forecasts Capacity — The expected average and peak use of system components is forecasted and compared to system capacity and associated tolerances. Forecasting considers capacity in the event of the failure of system components that constrain capacity. • Makes Changes Based on Forecasts — The system change management process is initiated when forecasted usage exceeds capacity tolerances | | 1 |
| SWIFT_CSCF_v2022 | 8.4 | SWIFT_CSCF_v2022_8.4 | SWIFT CSCF v2022 8.4 | 8. Set and Monitor Performance | Ensure availability, capacity, and quality of services to customers | Shared | n/a | Ensure availability, capacity, and quality of services to customers | link | 7 |
| SWIFT_CSCF_v2022 | 9.4 | SWIFT_CSCF_v2022_9.4 | SWIFT CSCF v2022 9.4 | 9. Ensure Availability through Resilience | Providers' availability and quality of service is ensured through usage of the recommended SWIFT connectivity packs and the appropriate line bandwidth | Shared | n/a | Providers' availability and quality of service is ensured through usage of the recommended SWIFT connectivity packs and the appropriate line bandwidth | link | 5 |