compliance controls are associated with this Policy definition 'Plan for continuance of essential business functions' (d9edcea6-6cb8-0266-a48c-2061fbac4310)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
CP-2(5) |
FedRAMP_High_R4_CP-2(5) |
FedRAMP High CP-2 (5) |
Contingency Planning |
Continue Essential Missions / Business Functions |
Shared |
n/a |
The organization plans for the continuance of essential missions and business functions with little or no loss of operational continuity and sustains that continuity until full information system restoration at primary processing and/or storage sites.
Supplemental Guidance: Organizations may choose to carry out the contingency planning activities in this control enhancement as part of organizational business continuity planning including, for example, as part of business impact analyses. Primary processing and/or storage sites defined by organizations as part of contingency planning may change depending on the circumstances associated with the contingency (e.g., backup sites may become primary sites). Related control: PE-12. |
link |
1 |
| ISO27001-2013 |
A.11.1.4 |
ISO27001-2013_A.11.1.4 |
ISO 27001:2013 A.11.1.4 |
Physical And Environmental Security |
Protecting against external and environmental threats |
Shared |
n/a |
Physical protection against natural disasters, malicious attack or accidents shall be designed and applied. |
link |
9 |
| ISO27001-2013 |
A.12.3.1 |
ISO27001-2013_A.12.3.1 |
ISO 27001:2013 A.12.3.1 |
Operations Security |
Information backup |
Shared |
n/a |
Backup copies of information, software and system images shall be taken and tested regularly in accordance with an agreed backup policy. |
link |
13 |
| ISO27001-2013 |
A.17.1.2 |
ISO27001-2013_A.17.1.2 |
ISO 27001:2013 A.17.1.2 |
Information Security Aspects Of Business Continuity Management |
Implementing information security continuity |
Shared |
n/a |
The organization shall establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation. |
link |
18 |
| ISO27001-2013 |
A.17.2.1 |
ISO27001-2013_A.17.2.1 |
ISO 27001:2013 A.17.2.1 |
Information Security Aspects Of Business Continuity Management |
Availability of information processing facilities |
Shared |
n/a |
Information processing facilities shall be implemented with redundancy sufficient to meet availability requirements. |
link |
17 |
|
mp.eq.3 Protection of portable devices |
mp.eq.3 Protection of portable devices |
404 not found |
|
|
|
n/a |
n/a |
|
71 |
|
mp.eq.4 Other devices connected to the network |
mp.eq.4 Other devices connected to the network |
404 not found |
|
|
|
n/a |
n/a |
|
35 |
|
mp.if.1 Separate areas with access control |
mp.if.1 Separate areas with access control |
404 not found |
|
|
|
n/a |
n/a |
|
23 |
|
mp.if.3 Fitting-out of premises |
mp.if.3 Fitting-out of premises |
404 not found |
|
|
|
n/a |
n/a |
|
18 |
|
mp.if.5 Fire protection |
mp.if.5 Fire protection |
404 not found |
|
|
|
n/a |
n/a |
|
16 |
|
mp.if.6 Flood protection |
mp.if.6 Flood protection |
404 not found |
|
|
|
n/a |
n/a |
|
16 |
|
mp.info.6 Backups |
mp.info.6 Backups |
404 not found |
|
|
|
n/a |
n/a |
|
65 |
|
mp.si.2 Cryptography |
mp.si.2 Cryptography |
404 not found |
|
|
|
n/a |
n/a |
|
32 |
| NIST_SP_800-53_R4 |
CP-2(5) |
NIST_SP_800-53_R4_CP-2(5) |
NIST SP 800-53 Rev. 4 CP-2 (5) |
Contingency Planning |
Continue Essential Missions / Business Functions |
Shared |
n/a |
The organization plans for the continuance of essential missions and business functions with little or no loss of operational continuity and sustains that continuity until full information system restoration at primary processing and/or storage sites.
Supplemental Guidance: Organizations may choose to carry out the contingency planning activities in this control enhancement as part of organizational business continuity planning including, for example, as part of business impact analyses. Primary processing and/or storage sites defined by organizations as part of contingency planning may change depending on the circumstances associated with the contingency (e.g., backup sites may become primary sites). Related control: PE-12. |
link |
1 |
| NIST_SP_800-53_R5 |
CP-2(5) |
NIST_SP_800-53_R5_CP-2(5) |
NIST SP 800-53 Rev. 5 CP-2 (5) |
Contingency Planning |
Continue Mission and Business Functions |
Shared |
n/a |
Plan for the continuance of [Selection: all;essential] mission and business functions with minimal or no loss of operational continuity and sustains that continuity until full system restoration at primary processing and/or storage sites. |
link |
1 |
| SWIFT_CSCF_v2022 |
10.1 |
SWIFT_CSCF_v2022_10.1 |
SWIFT CSCF v2022 10.1 |
10. Be Ready in case of Major Disaster |
Business continuity is ensured through a documented plan communicated to the potentially affected
parties (service bureau and customers). |
Shared |
n/a |
Business continuity is ensured through a documented plan communicated to the potentially affected
parties (service bureau and customers). |
link |
5 |
| SWIFT_CSCF_v2022 |
8.1 |
SWIFT_CSCF_v2022_8.1 |
SWIFT CSCF v2022 8.1 |
8. Set and Monitor Performance |
Ensure availability by formally setting and monitoring the objectives to be achieved |
Shared |
n/a |
Ensure availability by formally setting and monitoring the objectives to be achieved |
link |
8 |
| SWIFT_CSCF_v2022 |
8.4 |
SWIFT_CSCF_v2022_8.4 |
SWIFT CSCF v2022 8.4 |
8. Set and Monitor Performance |
Ensure availability, capacity, and quality of services to customers |
Shared |
n/a |
Ensure availability, capacity, and quality of services to customers |
link |
7 |