CP-10 Information System Recovery And Reconstitution
Contingency Planning
Description
The organization employs mechanisms with supporting procedures to allow the information system to be recovered and reconstituted to a known secure state after a disruption or failure.\n
Supplemental Guidance
Information system recovery and reconstitution to a known secure state means that all system parameters (either default or organization-established) are set to secure values, security-critical patches are reinstalled, security-related configuration settings are reestablished, system documentation and operating procedures are available, application and system software is reinstalled and configured with secure settings, information from the most recent, known secure backups is loaded, and the system is fully tested.\n
Changes from Rev 4
Title changed from 'Information System Recovery and Reconstitution' Parameter adds specific recovery time and recovery point objectives
Enhancements
(1) The organization includes a full recovery and reconstitution of the information system as part of contingency plan testing.\n