CP-10 Information System Recovery And Reconstitution

Control: The organization employs mechanisms with supporting procedures to allow the information system to be recovered and reconstituted to a known secure state after a disruption or failure.

Supplemental Guidance: Information system recovery and reconstitution to a known secure state means that all system parameters (either default or organization-established) are set to secure values, security-critical patches are reinstalled, security-related configuration settings are reestablished, system documentation and operating procedures are available, application and system software is reinstalled and configured with secure settings, information from the most recent, known secure backups is loaded, and the system is fully tested.

Control Enhancements: (1) The organization includes a full recovery and reconstitution of the information system as part of contingency plan testing.

Baseline: LOW: CP-10; MOD: CP-10; HIGH: CP-10 (1)

Family: Contingency Planning

Class: Operational

ISO 17799 mapping: 14.1.4

COBIT 4.1 mapping: DS4.8, DS11.5

PCI-DSS v2 mapping: None.