Description
Employ [Assignment: organization-defined alternative or supplemental security mechanisms] for satisfying [Assignment: organization-defined security functions] when the primary means of implementing the security function is unavailable or compromised.
Supplemental Guidance
Use of alternative security mechanisms supports system resiliency, contingency planning, and continuity of operations. To ensure mission and business continuity, organizations can implement alternative or supplemental security mechanisms. The mechanisms may be less effective than the primary mechanisms. However, having the capability to readily employ alternative or supplemental mechanisms enhances the overall resilience of the system.
Changes from Rev 4
No significant changes from Rev 4.
Compliance Mappings
ISO 27001:2022
A.5.30
ISO 27002:2022
5.29
COBIT 2019
DSS04
MAS TRM
8
BSI IT-Grundschutz
DER.4
EU DORA
Art.11(1)
BIO2
5.29
RBI CSF
ITGRCA.28
NCA ECC
3-1
UAE IA
T12
CBB TM
TM-14
Qatar NIA
BC
CBUAE
CR-13
CBE CSF
OVM-2
SA JS2
JS2-7.5
CBN CSF
Part3.7
BoG CISD
CISD-BCM
BoM CTRM
5.2
IOSCO Cyber Resilience
PFMI-17RR-2
CPMI-IOSCO PFMI
CG.RR
HIPAA Security Rule
ยง164.308(a)(7)(ii)(C)
ECB CROE
CROE.2.5.2
EBA ICT Guidelines
3.7.2
SEBI CSCRF
RC.RP
BOT Cyber Resilience
Ch4.2
Solvency II
DR.266-BCPEIOPA-ICT-4.10
Lloyd's Minimum Standards
MS8.6
FCA SYSC 13
SYSC 13.8.1
FDA Cybersecurity Guidance
SA-6
ISO 27799
17.2
NHS DSPT
NDG-7.4