Contingency Planning (CP)
Withdrawn: Incorporated into CP-7.]
Contingency Planning (CP)
Provide the capability to restore system components within [Assignment: organization-defined restoration time periods] from configuration-controlled and integrity-protected information representing a known, operational state for the components.
Contingency Planning (CP)
[Withdrawn: Incorporated into CP-9.]
Contingency Planning (CP)
Protect system components used for recovery and reconstitution.
Contingency Planning (CP)
Level N/A
Provide the capability to employ [Assignment: organization-defined alternative communications protocols] in support of maintaining continuity of operations.
Contingency Planning (CP)
Level N/A
When [Assignment: organization-defined conditions] are detected, enter a safe mode of operation with [Assignment: organization-defined restrictions of safe mode of operation].
Contingency Planning (CP)
Level N/A
Employ [Assignment: organization-defined alternative or supplemental security mechanisms] for satisfying [Assignment: organization-defined security functions] when the primary means of implementing the security function is unavailable or compromised.
Identification and Authentication (IA)
Level N/A
a. Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]: 1. [Selection (one or more): Organization-level; Mission/business process-level; System-level] identification and authentication policy that: (a) Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (b) Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and 2. Procedures to facilitate the implementation of the identification and authentication policy and the associated identification and authentication controls; b. Designate an [Assignment: organization-defined official] to manage the development, documentation, and dissemination of the identification and authentication policy and procedures; and c. Review and update the current identification and authentication: 1. Policy [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and 2. Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events].
Identification and Authentication (IA)
Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.
Identification and Authentication (IA)
Implement multi-factor authentication for access to privileged accounts.
