Establish, document, approve, communicate, apply, evaluate and maintain a disaster response plan to recover from natural and man-made disasters. Update the plan at least annually or upon significant changes.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Exercise the disaster response plan annually or upon significant changes, including if possible local emergency authorities.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Supplement business-critical equipment with redundant equipment independently located at a reasonable minimum distance in accordance with applicable industry standards.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for managing the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced). Review and update the policies and procedures at least annually.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Follow a defined quality change control, approval and testing process with established baselines, testing, and release standards.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Manage the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced).
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Restrict the unauthorized addition, removal, update, and management of organization assets.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Include provisions limiting changes directly impacting CSCs owned environments/tenants to explicitly authorized requests within service level agreements between CSPs and CSCs.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Establish change management baselines for all relevant authorized changes on organization assets.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Implement detection measures with proactive notification in case of changes deviating from the established baseline.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Passcode