Eleos | Home

Business Continuity Management and Operational Resilience (BCR)

Backup

Level N/A

Periodically backup data stored in the cloud. Ensure the confidentiality, integrity and availability of the backup, and verify data restoration from backup for resiliency.

Parent

Compliance Framework

CCM v4.0.10

Control Number

BCR-08

Related

Compliance Framework

CIS v8.0

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

11.1

11.2

11.3

11.4

11.5

8.13

5.23

CP-4

CP-4(4)

CP-6

CP-6(1)

CP-6(2)

CP-6(3)

CP-9(1)

CP-9(2)

CP-10

CP-10(2)

CP-10(4)

PR.IP-4

PR.DS-1

BCD-11

BCD-11.1

BCD-11.5

Solutions
Community

Business Continuity Management and Operational Resilience (BCR)

Establish, document, approve, communicate, apply, evaluate and maintain a disaster response plan to recover from natural and man-made disasters. Update the plan at least annually or upon significant changes.

Parent

Compliance Framework

CCM v4.0.10

Control Number

BCR-09

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.29

CP-2(1)

CP-2(2)

CP-2(3)

CP-2(5)

CP-2(6)

CP-2(7)

CP-2(8)

PE-13

PE-13(1)

PE-13(2)

PE-13(4)

PR.IP-9

PR.IP-10

RC.IM-1

RC.IM-2

BCD-01

Solutions
Community

Business Continuity Management and Operational Resilience (BCR)

Response Plan Exercise

Level N/A

Exercise the disaster response plan annually or upon significant changes, including if possible local emergency authorities.

Parent

Compliance Framework

CCM v4.0.10

Control Number

BCR-10

Related

Compliance Framework

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

AT-2

AT-2(1)

AT-3

AT-3(3)

AT-4

CP-3

CP-3(1)

IR-3

IR-3(2)

IR-3(3)

IR-9

IR-9(2)

PR.IP-10

BCD-04

Solutions
Community

Business Continuity Management and Operational Resilience (BCR)

Equipment Redundancy

Level N/A

Supplement business-critical equipment with redundant equipment independently located at a reasonable minimum distance in accordance with applicable industry standards.

Parent

Compliance Framework

CCM v4.0.10

Control Number

BCR-11

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

8.14

CP-2

CP-2(2)

CP-4(3)

CP-6

CP-6(1)

CP-7

CP-8

CP-8(1)

CP-8(2)

CP-8(3)

CP-9

CP-9(6)

ID.BE-4

ID.BE-5

BCD-11.7

BCD-12.2

Solutions
Community

Change Control and Configuration Management (CCC)

Change Management Policy and Procedures

Level N/A

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for managing the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced). Review and update the policies and procedures at least annually.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CCC-01

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

CIS v8.0

Control Number

4.1

CM-1

CM-9

CM-9(1)

CM-10

CM-10(1)

CM-11

PM-9

PS-8

SA-8

SA-8(1)

SA-8(24)

SI-12

ID.GV-1

PR.IP-1

PR.IP-2

PR.IP-3

GOV-02

GOV-03

CHG-01

4.1

Solutions
Community

Change Control and Configuration Management (CCC)

Quality Testing

Level N/A

Follow a defined quality change control, approval and testing process with established baselines, testing, and release standards.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CCC-02

Related

Compliance Framework

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

CM-2

CM-2(2)

CM-2(6)

CM-3

CM-3(2)

CM-3(7)

CM-4

CM-4(1)

CM-4(2)

PR.IP-2

PR.IP-3

CHG-02

CHG-02.2

Solutions
Community

Change Control and Configuration Management (CCC)

Change Management Technology

Level N/A

Manage the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced).

Parent

Compliance Framework

CCM v4.0.10

Control Number

CCC-03

Related

Compliance Framework

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

CM-2

CM-2(2)

CM-2(3)

CM-2(7)

CM-3

CM-3(2)

CM-3(3)

CM-3(5)

CM-3(6)

CM-4

CM-4(1)

CM-5

CM-5(5)

CM-5(6)

CM-7

CM-7(2)

CM-7(3)

CM-7(4)

CM-7(5)

CM-7(6)

CM-7(7)

CM-11

CM-11(2)

CM-14

SA-10

SA-10(7)

SA-11

SA-11(9)

PR.IP-3

CHG-02.1

CHG-03

Solutions
Community

Change Control and Configuration Management (CCC)

Unauthorized Change Protection

Level N/A

Restrict the unauthorized addition, removal, update, and management of organization assets.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CCC-04

Related

Compliance Framework

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

CA-7

CA-7(4)

CM-3

CM-3(1)

CM-3(5)

CM-3(7)

CM-3(8)

CM-5

CM-5(1)

CM-5(4)

CM-5(5)

CM-6

CM-6(1)

CM-6(2)

CM-7

CM-7(1)

CM-7(4)

CM-7(5)

CM-7(9)

ID.AM-1

ID.AM-2

ID.AM-4

PR.MA-1

PR.MA-2

PR.AC-1

CHG-02.1

CHG-02.4

CHG-04

CHG-04.1

CHG-04.4

Solutions
Community

Change Control and Configuration Management (CCC)

Change Agreements

Level N/A

Include provisions limiting changes directly impacting CSCs owned environments/tenants to explicitly authorized requests within service level agreements between CSPs and CSCs.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CCC-05

Related

Compliance Framework

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

CM-3