SlideShare a Scribd company logo

NIST Special Publication 800-34 Rev. 1 Contingency.docx

Download as DOCX, PDF
P
picklesvalery

NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems Marianne Swanson Pauline Bowen Amy Wohl Phillips Dean Gallup David Lynes NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems Marianne Swanson Pauline Bowen Amy Wohl Phillips Dean Gallup David Lynes May 2010 U.S. Department of Commerce Gary Locke, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Director Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. There are references in this publication to documents currently under development by NIST in accordance with responsibilities assigned to NIST under the Federal Information Security Management Act of 2002. The methodologies in this document may be used even before the completion of such companion documents. Thus, until such time as each document is completed, current requirements, guidelines, and procedures (where they exist) remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new documents by NIST. Individuals are also encouraged to review the public draft documents and offer their comments to NIST. All NIST documents mentioned in this publication, other than the ones noted above, are available at http://csrc.nist.gov/publications. National Institute of Standards and Technology Special Publication 800-34 Natl. Inst. Stand. Technol. Spec. Publ. 800-34, 150 pages (May 2010) CODEN: NSPUE2 http://csrc.nist.gov/publications CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations..

Education
1 of 14
NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems Marianne Swanson Pauline Bowen Amy Wohl Phillips Dean Gallup David Lynes NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems Marianne Swanson Pauline Bowen Amy Wohl Phillips
Dean Gallup David Lynes May 2010 U.S. Department of Commerce Gary Locke, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Director Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. There are references in this publication to documents currently under development by NIST in accordance with responsibilities assigned to NIST under the
Federal Information Security Management Act of 2002. The methodologies in this document may be used even before the completion of such companion documents. Thus, until such time as each document is completed, current requirements, guidelines, and procedures (where they exist) remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new documents by NIST. Individuals are also encouraged to review the public draft documents and offer their comments to NIST. All NIST documents mentioned in this publication, other than the ones noted above, are available at http://csrc.nist.gov/publications. National Institute of Standards and Technology Special Publication 800-34 Natl. Inst. Stand. Technol. Spec. Publ. 800-34, 150 pages (May 2010) CODEN: NSPUE2 http://csrc.nist.gov/publications CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS
Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. ii CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS
Authority This document has been developed by the National Institute of Standards and Technology (NIST) in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. NIST is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets, but such standards and guidelines shall not apply to national security systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A- 130, Section 8b(3), “Securing Agency Information Systems,” as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in A-130, Appendix III. This guideline has been prepared for use by federal agencies. It may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright. Attribution would be appreciated by NIST. Nothing in this document should be taken to contradict standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federal official.
NIST Special Publication 800-34, Revision 1, 150 pages (May 2010) National Institute of Standards and Technology Attn: Computer Security Division, Information Technology Laboratory 100 Bureau Drive (Mail Stop 8930) Gaithersburg, MD 20899- 8930 iii CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS Compliance with NIST Standards and Guidelines NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Management Act (FISMA) of 2002 and in managing cost- effective programs to protect their information and information systems. • Federal Information Processing Standards (FIPS) are developed by NIST in accordance with FISMA. FIPS are approved by the Secretary of Commerce and
are compulsory and binding for federal agencies. Since FISMA requires that federal agencies comply with these standards, agencies may not waive their use. • Guidance documents and recommendations are issued in the NIST Special Publication (SP) 800- series. Office of Management and Budget (OMB) policies (including OMB FISMA Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management) state that, for other than national security programs and systems, agencies must follow NIST guidance.1 • Other security-related publications, including NIST interagency and internal reports (NISTIRs) and ITL Bulletins, provide technical and other information about NIST’s activities. These publications are mandatory only when so specified by OMB. 1 While agencies are required to follow NIST guidance in accordance with OMB policy, there is flexibility within NIST’s guidance in how agencies apply the guidance. Unless otherwise specified by OMB, the 800-series guidance documents published by NIST generally allow agencies some latitude in the application. Consequently, the application of NIST guidance by agencies can result in different security solutions that are equally acceptable, compliant with the guidance, and meet the
OMB definition of adequate security for federal information systems. When assessing federal agency compliance with NIST guidance, auditors, evaluators, and assessors should consider the intent of the security concepts and principles articulated within the particular guidance document and how the agency applied the guidance in the context of its specific mission responsibilities, operational environments, and unique organizational conditions. iv CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS Acknowledgements The authors, Marianne Swanson and Pauline Bowen of the National Institute of Standards and Technology (NIST), Amy Wohl Phillips, Dean Gallup, and David Lynes of Booz Allen Hamilton, wish to thank their colleagues who reviewed drafts of this document and contributed to its technical content. The authors would like to acknowledge Kelley Dempsey, Esther Katzman, Peter Mell, Murugiah Souppaya, Lee Badger, and Elizabeth Lennon of NIST, and David Linthicum of Booz Allen Hamilton for their keen and insightful assistance with technical issues throughout the development of the document. v
CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS Table of Contents Executive Summary ............................................................................................... ..................... 1 Chapter 1. Introduction ............................................................................................... ..... 1 1.1 Purpose................................................................................... .................................... 1 1.2 Scope ............................................................................................... ........................... 2 1.3 Audience ............................................................................................... ...................... 3 1.4 Document Structure ............................................................................................... ..... 4 Chapter 2. Background ............................................................................................... ..... 5 2.1 Contingency Planning and Resilience ........................................................................ 5 2.2 Types of Plans ............................................................................................... ............. 7
2.2.1 Business Continuity Plan (BCP) ...................................................................... 8 2.2.2 Continuity of Operations (COOP) Plan ............................................................ 8 2.2.3 Crisis Communications Plan............................................................................ 9 2.2.4 Critical Infrastructure Protection (CIP) Plan..................................................... 9 2.2.5 Cyber Incident Response Plan ...................................................................... 10 2.2.6 Disaster Recovery Plan (DRP) ...................................................................... 10 2.2.7 Information System Contingency Plan (ISCP)............................................... 10 2.2.8 Occupant Emergency Plan (OEP) ................................................................. 10 Chapter 3. Information System Contingency Planning Process................................ 13 3.1 Develop the Contingency Planning Policy Statement ............................................... 14 3.2 Conduct the Business Impact Analysis (BIA)............................................................ 15 3.2.1 Determine Business Processes and Recovery Criticality .............................. 16 3.2.2 Identify Resource Requirements ................................................................... 19 3.2.3 Identify System Resource Recovery Priorities .............................................. 19 3.3 Identify Preventive Controls ...................................................................................... 19 3.4 Create Contingency Strategies ................................................................................. 20
3.4.1 Backup and Recovery ................................................................................... 20 3.4.2 Backup Methods and Offsite Storage ............................................................ 21 3.4.3 Alternate Sites ............................................................................................... 21 3.4.4 Equipment Replacement ............................................................................... 24 3.4.5 Cost Considerations ...................................................................................... 25 3.4.6 Roles and Responsibilities ............................................................................ 26 3.5 Plan Testing, Training, and Exercises (TT&E) .......................................................... 27 3.5.1 Testing.................................................................................... ....................... 27 3.5.2 Training.................................................................................. ........................ 28 3.5.3 Exercises ............................................................................................... ........ 29 3.5.4 TT&E Program Summary .............................................................................. 29 3.6 Plan Maintenance ............................................................................................... ...... 31 Chapter 4. Information System Contingency Plan Development............................... 34 4.1 Supporting
Information............................................................................. ................. 35 4.2 Activation and Notification Phase ............................................................................. 36 4.2.1 Activation Criteria and Procedure .................................................................. 36 4.2.2 Notification Procedures ................................................................................. 36 4.2.3 Outage Assessment ...................................................................................... 38 4.3 Recovery Phase...................................................................................... .................. 39 4.3.1 Sequence of Recovery Activities ................................................................... 39 vi Mirco Escobedo Highlight Mirco Escobedo Highlight CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS 4.3.2 Recovery Procedures .................................................................................... 39 4.3.3 Recovery Escalation and Notification ............................................................ 40
4.4 Reconstitution Phase ............................................................................................... . 41 4.5 Plan Appendices ............................................................................................... ........ 42 Chapter 5. Technical Contingency Planning Considerations..................................... 43 5.1 Common Considerations .......................................................................................... 43 5.1.1 Use of the BIA ......................................................................................... ...... 44 5.1.2 Maintenance of Data Security, Integrity, and Backup.................................... 44 5.1.3 Protection of Resources ................................................................................ 46 5.1.4 Adherence to Security Controls ..................................................................... 46 5.1.5 Identification of Alternate Storage and Processing Facilities......................... 46 5.1.6 Use of High Availability (HA) Processes........................................................ 48 5.2 Client/Server Systems .............................................................................................. 48 5.2.1 Client/Server Systems Contingency Considerations ..................................... 49 5.2.2 Client/Server Systems Contingency
Solution s .............................................. 51 5.3 Telecommunications Systems .................................................................................. 52 5.3.1 Telecommunications Contingency Considerations........................................ 53 5.3.2 Telecommunications Contingency

Recommended

Contingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docxContingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docxmaxinesmith73660
 
Sp800 30-rev1-ipd
Sp800 30-rev1-ipdSp800 30-rev1-ipd
Sp800 30-rev1-ipdFISMA-COMPARED
 
Endpoint Protection Platform Invent Youself/tutorialoutletdotcom
Endpoint Protection Platform Invent Youself/tutorialoutletdotcomEndpoint Protection Platform Invent Youself/tutorialoutletdotcom
Endpoint Protection Platform Invent Youself/tutorialoutletdotcomapjk220
 
NIST.SP.800-53r4
NIST.SP.800-53r4NIST.SP.800-53r4
NIST.SP.800-53r4Eric Hodge - MBA
 
NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3David Sweigert
 
Nist.sp.800 53r4 (1)
Nist.sp.800 53r4 (1)Nist.sp.800 53r4 (1)
Nist.sp.800 53r4 (1)Aravamuthan Chockalingam
 
NIST SP 800-171 - Protecting Controlled Unclassified Information
NIST SP 800-171 - Protecting Controlled Unclassified Information NIST SP 800-171 - Protecting Controlled Unclassified Information
NIST SP 800-171 - Protecting Controlled Unclassified Information David Sweigert
 
NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83David Sweigert
 

Recommended

Contingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docxContingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docxmaxinesmith73660
 
Sp800 30-rev1-ipd
Sp800 30-rev1-ipdSp800 30-rev1-ipd
Sp800 30-rev1-ipdFISMA-COMPARED
 
Endpoint Protection Platform Invent Youself/tutorialoutletdotcom
Endpoint Protection Platform Invent Youself/tutorialoutletdotcomEndpoint Protection Platform Invent Youself/tutorialoutletdotcom
Endpoint Protection Platform Invent Youself/tutorialoutletdotcomapjk220
 
NIST.SP.800-53r4
NIST.SP.800-53r4NIST.SP.800-53r4
NIST.SP.800-53r4Eric Hodge - MBA
 
NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3David Sweigert
 
Nist.sp.800 53r4 (1)
Nist.sp.800 53r4 (1)Nist.sp.800 53r4 (1)
Nist.sp.800 53r4 (1)Aravamuthan Chockalingam
 
NIST SP 800-171 - Protecting Controlled Unclassified Information
NIST SP 800-171 - Protecting Controlled Unclassified Information NIST SP 800-171 - Protecting Controlled Unclassified Information
NIST SP 800-171 - Protecting Controlled Unclassified Information David Sweigert
 
NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83David Sweigert
 
Guide for Security-Focused Configuration Management of I.docx
Guide for Security-Focused Configuration Management of I.docxGuide for Security-Focused Configuration Management of I.docx
Guide for Security-Focused Configuration Management of I.docxwhittemorelucilla
 
NIST Risk management Framework NIST 800-30, rev. 1
NIST Risk management Framework NIST 800-30, rev. 1NIST Risk management Framework NIST 800-30, rev. 1
NIST Risk management Framework NIST 800-30, rev. 1David Sweigert
 
oow
oowoow
oowRahmat Afianto
 
NIST Special Publication 800-39 Managi.docx
NIST Special Publication 800-39 Managi.docxNIST Special Publication 800-39 Managi.docx
NIST Special Publication 800-39 Managi.docxvannagoforth
 
NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184David Sweigert
 
NIST.SP.800-37r2.pdf
NIST.SP.800-37r2.pdfNIST.SP.800-37r2.pdf
NIST.SP.800-37r2.pdf>hey> whee hey
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2newbie2019
 
Nist.sp.800 124r1
Nist.sp.800 124r1Nist.sp.800 124r1
Nist.sp.800 124r1Global Business Professor
 
NIST 800-125 a DRAFT (HyperVisor Security)
NIST 800-125 a DRAFT (HyperVisor Security)NIST 800-125 a DRAFT (HyperVisor Security)
NIST 800-125 a DRAFT (HyperVisor Security)David Sweigert
 
Nist ir
Nist irNist ir
Nist irronnyvaningh
 
3 - Firewall Guidlines.pdf
3 - Firewall Guidlines.pdf3 - Firewall Guidlines.pdf
3 - Firewall Guidlines.pdfAdmin621695
 
Protecting non fed controlled unclassified info nist sp-800-171
Protecting non fed controlled unclassified info nist sp-800-171Protecting non fed controlled unclassified info nist sp-800-171
Protecting non fed controlled unclassified info nist sp-800-171RepentSinner
 
NIST Special Publication 800-37 Revision 2 Ris.docx
NIST Special Publication 800-37 Revision 2 Ris.docx NIST Special Publication 800-37 Revision 2 Ris.docx
NIST Special Publication 800-37 Revision 2 Ris.docxrobert345678
 
NIST Special Publication 800-53 Revision 4 Securit.docx
NIST Special Publication 800-53 Revision 4 Securit.docxNIST Special Publication 800-53 Revision 4 Securit.docx
NIST Special Publication 800-53 Revision 4 Securit.docxvannagoforth
 
NIST Special Publication 800-53 Revision 5
NIST Special Publication 800-53 Revision 5NIST Special Publication 800-53 Revision 5
NIST Special Publication 800-53 Revision 5VICTOR MAESTRE RAMIREZ
 
SP 800-150, the Guide to Cyber Threat Information Sharing
SP 800-150, the Guide to Cyber Threat Information SharingSP 800-150, the Guide to Cyber Threat Information Sharing
SP 800-150, the Guide to Cyber Threat Information SharingDavid Sweigert
 
NIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxNIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxgibbonshay
 
NIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxNIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxvannagoforth
 
Sp800 55 Rev1 Performance Measurement Guide For Information Security
Sp800 55 Rev1 Performance Measurement Guide For Information SecuritySp800 55 Rev1 Performance Measurement Guide For Information Security
Sp800 55 Rev1 Performance Measurement Guide For Information SecurityJoao Couto
 
Computer Security Incident Handling Guide Recommendati.docx
Computer Security Incident Handling Guide Recommendati.docxComputer Security Incident Handling Guide Recommendati.docx
Computer Security Incident Handling Guide Recommendati.docxpatricke8
 
NPV, IRR, Payback period,— PA1Correlates with CLA2 (NPV portion.docx
NPV, IRR, Payback period,— PA1Correlates with CLA2 (NPV portion.docxNPV, IRR, Payback period,— PA1Correlates with CLA2 (NPV portion.docx
NPV, IRR, Payback period,— PA1Correlates with CLA2 (NPV portion.docxpicklesvalery
 
Now that you have had the opportunity to review various Cyber At.docx
Now that you have had the opportunity to review various Cyber At.docxNow that you have had the opportunity to review various Cyber At.docx
Now that you have had the opportunity to review various Cyber At.docxpicklesvalery
 

More Related Content

Similar to NIST Special Publication 800-34 Rev. 1 Contingency.docx

Guide for Security-Focused Configuration Management of I.docx
Guide for Security-Focused Configuration Management of I.docxGuide for Security-Focused Configuration Management of I.docx
Guide for Security-Focused Configuration Management of I.docxwhittemorelucilla
 
NIST Risk management Framework NIST 800-30, rev. 1
NIST Risk management Framework NIST 800-30, rev. 1NIST Risk management Framework NIST 800-30, rev. 1
NIST Risk management Framework NIST 800-30, rev. 1David Sweigert
 
NIST Special Publication 800-39 Managi.docx
NIST Special Publication 800-39 Managi.docxNIST Special Publication 800-39 Managi.docx
NIST Special Publication 800-39 Managi.docxvannagoforth
 
NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184David Sweigert
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2newbie2019
 
NIST 800-125 a DRAFT (HyperVisor Security)
NIST 800-125 a DRAFT (HyperVisor Security)NIST 800-125 a DRAFT (HyperVisor Security)
NIST 800-125 a DRAFT (HyperVisor Security)David Sweigert
 
3 - Firewall Guidlines.pdf
3 - Firewall Guidlines.pdf3 - Firewall Guidlines.pdf
3 - Firewall Guidlines.pdfAdmin621695
 
Protecting non fed controlled unclassified info nist sp-800-171
Protecting non fed controlled unclassified info nist sp-800-171Protecting non fed controlled unclassified info nist sp-800-171
Protecting non fed controlled unclassified info nist sp-800-171RepentSinner
 
NIST Special Publication 800-37 Revision 2 Ris.docx
NIST Special Publication 800-37 Revision 2 Ris.docx NIST Special Publication 800-37 Revision 2 Ris.docx
NIST Special Publication 800-37 Revision 2 Ris.docxrobert345678
 
NIST Special Publication 800-53 Revision 4 Securit.docx
NIST Special Publication 800-53 Revision 4 Securit.docxNIST Special Publication 800-53 Revision 4 Securit.docx
NIST Special Publication 800-53 Revision 4 Securit.docxvannagoforth
 
NIST Special Publication 800-53 Revision 5
NIST Special Publication 800-53 Revision 5NIST Special Publication 800-53 Revision 5
NIST Special Publication 800-53 Revision 5VICTOR MAESTRE RAMIREZ
 
SP 800-150, the Guide to Cyber Threat Information Sharing
SP 800-150, the Guide to Cyber Threat Information SharingSP 800-150, the Guide to Cyber Threat Information Sharing
SP 800-150, the Guide to Cyber Threat Information SharingDavid Sweigert
 
NIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxNIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxgibbonshay
 
NIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxNIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxvannagoforth
 
Sp800 55 Rev1 Performance Measurement Guide For Information Security
Sp800 55 Rev1 Performance Measurement Guide For Information SecuritySp800 55 Rev1 Performance Measurement Guide For Information Security
Sp800 55 Rev1 Performance Measurement Guide For Information SecurityJoao Couto
 
Computer Security Incident Handling Guide Recommendati.docx
Computer Security Incident Handling Guide Recommendati.docxComputer Security Incident Handling Guide Recommendati.docx
Computer Security Incident Handling Guide Recommendati.docxpatricke8
 

Similar to NIST Special Publication 800-34 Rev. 1 Contingency.docx (20)

Guide for Security-Focused Configuration Management of I.docx
Guide for Security-Focused Configuration Management of I.docxGuide for Security-Focused Configuration Management of I.docx
Guide for Security-Focused Configuration Management of I.docx
 
NIST Risk management Framework NIST 800-30, rev. 1
NIST Risk management Framework NIST 800-30, rev. 1NIST Risk management Framework NIST 800-30, rev. 1
NIST Risk management Framework NIST 800-30, rev. 1
 
oow
oowoow
oow
 
NIST Special Publication 800-39 Managi.docx
NIST Special Publication 800-39 Managi.docxNIST Special Publication 800-39 Managi.docx
NIST Special Publication 800-39 Managi.docx
 
NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184
 
NIST.SP.800-37r2.pdf
NIST.SP.800-37r2.pdfNIST.SP.800-37r2.pdf
NIST.SP.800-37r2.pdf
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2
 
Nist.sp.800 124r1
Nist.sp.800 124r1Nist.sp.800 124r1
Nist.sp.800 124r1
 
NIST 800-125 a DRAFT (HyperVisor Security)
NIST 800-125 a DRAFT (HyperVisor Security)NIST 800-125 a DRAFT (HyperVisor Security)
NIST 800-125 a DRAFT (HyperVisor Security)
 
Nist ir
Nist irNist ir
Nist ir
 
3 - Firewall Guidlines.pdf
3 - Firewall Guidlines.pdf3 - Firewall Guidlines.pdf
3 - Firewall Guidlines.pdf
 
Protecting non fed controlled unclassified info nist sp-800-171
Protecting non fed controlled unclassified info nist sp-800-171Protecting non fed controlled unclassified info nist sp-800-171
Protecting non fed controlled unclassified info nist sp-800-171
 
NIST Special Publication 800-37 Revision 2 Ris.docx
NIST Special Publication 800-37 Revision 2 Ris.docx NIST Special Publication 800-37 Revision 2 Ris.docx
NIST Special Publication 800-37 Revision 2 Ris.docx
 
NIST Special Publication 800-53 Revision 4 Securit.docx
NIST Special Publication 800-53 Revision 4 Securit.docxNIST Special Publication 800-53 Revision 4 Securit.docx
NIST Special Publication 800-53 Revision 4 Securit.docx
 
NIST Special Publication 800-53 Revision 5
NIST Special Publication 800-53 Revision 5NIST Special Publication 800-53 Revision 5
NIST Special Publication 800-53 Revision 5
 
SP 800-150, the Guide to Cyber Threat Information Sharing
SP 800-150, the Guide to Cyber Threat Information SharingSP 800-150, the Guide to Cyber Threat Information Sharing
SP 800-150, the Guide to Cyber Threat Information Sharing
 
NIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxNIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docx
 
NIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxNIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docx
 
Sp800 55 Rev1 Performance Measurement Guide For Information Security
Sp800 55 Rev1 Performance Measurement Guide For Information SecuritySp800 55 Rev1 Performance Measurement Guide For Information Security
Sp800 55 Rev1 Performance Measurement Guide For Information Security
 
Computer Security Incident Handling Guide Recommendati.docx
Computer Security Incident Handling Guide Recommendati.docxComputer Security Incident Handling Guide Recommendati.docx
Computer Security Incident Handling Guide Recommendati.docx
 

More from picklesvalery

NPV, IRR, Payback period,— PA1Correlates with CLA2 (NPV portion.docx
NPV, IRR, Payback period,— PA1Correlates with CLA2 (NPV portion.docxNPV, IRR, Payback period,— PA1Correlates with CLA2 (NPV portion.docx
NPV, IRR, Payback period,— PA1Correlates with CLA2 (NPV portion.docxpicklesvalery
 
Now that you have had the opportunity to review various Cyber At.docx
Now that you have had the opportunity to review various Cyber At.docxNow that you have had the opportunity to review various Cyber At.docx
Now that you have had the opportunity to review various Cyber At.docxpicklesvalery
 
Now that you have completed a series of assignments that have led yo.docx
Now that you have completed a series of assignments that have led yo.docxNow that you have completed a series of assignments that have led yo.docx
Now that you have completed a series of assignments that have led yo.docxpicklesvalery
 
Now that you have completed your paper (ATTACHED), build and deliver.docx
Now that you have completed your paper (ATTACHED), build and deliver.docxNow that you have completed your paper (ATTACHED), build and deliver.docx
Now that you have completed your paper (ATTACHED), build and deliver.docxpicklesvalery
 
Now that you have identified the revenue-related internal contro.docx
Now that you have identified the revenue-related internal contro.docxNow that you have identified the revenue-related internal contro.docx
Now that you have identified the revenue-related internal contro.docxpicklesvalery
 
Now that you have read about Neandertals and modern Homo sapiens.docx
Now that you have read about Neandertals and modern Homo sapiens.docxNow that you have read about Neandertals and modern Homo sapiens.docx
Now that you have read about Neandertals and modern Homo sapiens.docxpicklesvalery
 
Now that you have had an opportunity to explore ethics formally, cre.docx
Now that you have had an opportunity to explore ethics formally, cre.docxNow that you have had an opportunity to explore ethics formally, cre.docx
Now that you have had an opportunity to explore ethics formally, cre.docxpicklesvalery
 
Novel Literary Exploration EssayWrite a Literary Exploration Ess.docx
Novel Literary Exploration EssayWrite a Literary Exploration Ess.docxNovel Literary Exploration EssayWrite a Literary Exploration Ess.docx
Novel Literary Exploration EssayWrite a Literary Exploration Ess.docxpicklesvalery
 
Notifications My CommunityHomeBBA 3551-16P-5A19-S3, Inform.docx
Notifications My CommunityHomeBBA 3551-16P-5A19-S3, Inform.docxNotifications My CommunityHomeBBA 3551-16P-5A19-S3, Inform.docx
Notifications My CommunityHomeBBA 3551-16P-5A19-S3, Inform.docxpicklesvalery
 
November-December 2013 • Vol. 22No. 6 359Beverly Waller D.docx
November-December 2013 • Vol. 22No. 6 359Beverly Waller D.docxNovember-December 2013 • Vol. 22No. 6 359Beverly Waller D.docx
November-December 2013 • Vol. 22No. 6 359Beverly Waller D.docxpicklesvalery
 
NOTEPlease pay attention to the assignment instructionsZero.docx
NOTEPlease pay attention to the assignment instructionsZero.docxNOTEPlease pay attention to the assignment instructionsZero.docx
NOTEPlease pay attention to the assignment instructionsZero.docxpicklesvalery
 
NOTE Use below Textbooks only. 400 WordsTopic Which doctrine.docx
NOTE Use below Textbooks only. 400 WordsTopic Which doctrine.docxNOTE Use below Textbooks only. 400 WordsTopic Which doctrine.docx
NOTE Use below Textbooks only. 400 WordsTopic Which doctrine.docxpicklesvalery
 
NOTE Everything in BOLD are things that I need to turn in for m.docx
NOTE Everything in BOLD are things that I need to turn in for m.docxNOTE Everything in BOLD are things that I need to turn in for m.docx
NOTE Everything in BOLD are things that I need to turn in for m.docxpicklesvalery
 
Note Be sure to focus only on the causes of the problem in this.docx
Note Be sure to focus only on the causes of the problem in this.docxNote Be sure to focus only on the causes of the problem in this.docx
Note Be sure to focus only on the causes of the problem in this.docxpicklesvalery
 
Note I’ll provide my sources in the morning, and lmk if you hav.docx
Note I’ll provide my sources in the morning, and lmk if you hav.docxNote I’ll provide my sources in the morning, and lmk if you hav.docx
Note I’ll provide my sources in the morning, and lmk if you hav.docxpicklesvalery
 
Note Here, the company I mentioned was Qualcomm 1. Email is the.docx
Note Here, the company I mentioned was Qualcomm 1. Email is the.docxNote Here, the company I mentioned was Qualcomm 1. Email is the.docx
Note Here, the company I mentioned was Qualcomm 1. Email is the.docxpicklesvalery
 
Note Please follow instructions to the T.Topic of 3 page pape.docx
Note Please follow instructions to the T.Topic of 3 page pape.docxNote Please follow instructions to the T.Topic of 3 page pape.docx
Note Please follow instructions to the T.Topic of 3 page pape.docxpicklesvalery
 
Note A full-sentence outline differs from bullet points because e.docx
Note A full-sentence outline differs from bullet points because e.docxNote A full-sentence outline differs from bullet points because e.docx
Note A full-sentence outline differs from bullet points because e.docxpicklesvalery
 
Notable photographers 1980 to presentAlmas, ErikAraki, No.docx
Notable photographers 1980 to presentAlmas, ErikAraki, No.docxNotable photographers 1980 to presentAlmas, ErikAraki, No.docx
Notable photographers 1980 to presentAlmas, ErikAraki, No.docxpicklesvalery
 
Note 2 political actions that are in line with Socialism and explain.docx
Note 2 political actions that are in line with Socialism and explain.docxNote 2 political actions that are in line with Socialism and explain.docx
Note 2 political actions that are in line with Socialism and explain.docxpicklesvalery
 

More from picklesvalery (20)

NPV, IRR, Payback period,— PA1Correlates with CLA2 (NPV portion.docx
NPV, IRR, Payback period,— PA1Correlates with CLA2 (NPV portion.docxNPV, IRR, Payback period,— PA1Correlates with CLA2 (NPV portion.docx
NPV, IRR, Payback period,— PA1Correlates with CLA2 (NPV portion.docx
 
Now that you have had the opportunity to review various Cyber At.docx
Now that you have had the opportunity to review various Cyber At.docxNow that you have had the opportunity to review various Cyber At.docx
Now that you have had the opportunity to review various Cyber At.docx
 
Now that you have completed a series of assignments that have led yo.docx
Now that you have completed a series of assignments that have led yo.docxNow that you have completed a series of assignments that have led yo.docx
Now that you have completed a series of assignments that have led yo.docx
 
Now that you have completed your paper (ATTACHED), build and deliver.docx
Now that you have completed your paper (ATTACHED), build and deliver.docxNow that you have completed your paper (ATTACHED), build and deliver.docx
Now that you have completed your paper (ATTACHED), build and deliver.docx
 
Now that you have identified the revenue-related internal contro.docx
Now that you have identified the revenue-related internal contro.docxNow that you have identified the revenue-related internal contro.docx
Now that you have identified the revenue-related internal contro.docx
 
Now that you have read about Neandertals and modern Homo sapiens.docx
Now that you have read about Neandertals and modern Homo sapiens.docxNow that you have read about Neandertals and modern Homo sapiens.docx
Now that you have read about Neandertals and modern Homo sapiens.docx
 
Now that you have had an opportunity to explore ethics formally, cre.docx
Now that you have had an opportunity to explore ethics formally, cre.docxNow that you have had an opportunity to explore ethics formally, cre.docx
Now that you have had an opportunity to explore ethics formally, cre.docx
 
Novel Literary Exploration EssayWrite a Literary Exploration Ess.docx
Novel Literary Exploration EssayWrite a Literary Exploration Ess.docxNovel Literary Exploration EssayWrite a Literary Exploration Ess.docx
Novel Literary Exploration EssayWrite a Literary Exploration Ess.docx
 
Notifications My CommunityHomeBBA 3551-16P-5A19-S3, Inform.docx
Notifications My CommunityHomeBBA 3551-16P-5A19-S3, Inform.docxNotifications My CommunityHomeBBA 3551-16P-5A19-S3, Inform.docx
Notifications My CommunityHomeBBA 3551-16P-5A19-S3, Inform.docx
 
November-December 2013 • Vol. 22No. 6 359Beverly Waller D.docx
November-December 2013 • Vol. 22No. 6 359Beverly Waller D.docxNovember-December 2013 • Vol. 22No. 6 359Beverly Waller D.docx
November-December 2013 • Vol. 22No. 6 359Beverly Waller D.docx
 
NOTEPlease pay attention to the assignment instructionsZero.docx
NOTEPlease pay attention to the assignment instructionsZero.docxNOTEPlease pay attention to the assignment instructionsZero.docx
NOTEPlease pay attention to the assignment instructionsZero.docx
 
NOTE Use below Textbooks only. 400 WordsTopic Which doctrine.docx
NOTE Use below Textbooks only. 400 WordsTopic Which doctrine.docxNOTE Use below Textbooks only. 400 WordsTopic Which doctrine.docx
NOTE Use below Textbooks only. 400 WordsTopic Which doctrine.docx
 
NOTE Everything in BOLD are things that I need to turn in for m.docx
NOTE Everything in BOLD are things that I need to turn in for m.docxNOTE Everything in BOLD are things that I need to turn in for m.docx
NOTE Everything in BOLD are things that I need to turn in for m.docx
 
Note Be sure to focus only on the causes of the problem in this.docx
Note Be sure to focus only on the causes of the problem in this.docxNote Be sure to focus only on the causes of the problem in this.docx
Note Be sure to focus only on the causes of the problem in this.docx
 
Note I’ll provide my sources in the morning, and lmk if you hav.docx
Note I’ll provide my sources in the morning, and lmk if you hav.docxNote I’ll provide my sources in the morning, and lmk if you hav.docx
Note I’ll provide my sources in the morning, and lmk if you hav.docx
 
Note Here, the company I mentioned was Qualcomm 1. Email is the.docx
Note Here, the company I mentioned was Qualcomm 1. Email is the.docxNote Here, the company I mentioned was Qualcomm 1. Email is the.docx
Note Here, the company I mentioned was Qualcomm 1. Email is the.docx
 
Note Please follow instructions to the T.Topic of 3 page pape.docx
Note Please follow instructions to the T.Topic of 3 page pape.docxNote Please follow instructions to the T.Topic of 3 page pape.docx
Note Please follow instructions to the T.Topic of 3 page pape.docx
 
Note A full-sentence outline differs from bullet points because e.docx
Note A full-sentence outline differs from bullet points because e.docxNote A full-sentence outline differs from bullet points because e.docx
Note A full-sentence outline differs from bullet points because e.docx
 
Notable photographers 1980 to presentAlmas, ErikAraki, No.docx
Notable photographers 1980 to presentAlmas, ErikAraki, No.docxNotable photographers 1980 to presentAlmas, ErikAraki, No.docx
Notable photographers 1980 to presentAlmas, ErikAraki, No.docx
 
Note 2 political actions that are in line with Socialism and explain.docx
Note 2 political actions that are in line with Socialism and explain.docxNote 2 political actions that are in line with Socialism and explain.docx
Note 2 political actions that are in line with Socialism and explain.docx
 

Recently uploaded

Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 

Recently uploaded (20)

Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 

NIST Special Publication 800-34 Rev. 1 Contingency.docx

  • 1. NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems Marianne Swanson Pauline Bowen Amy Wohl Phillips Dean Gallup David Lynes NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems Marianne Swanson Pauline Bowen Amy Wohl Phillips
  • 2. Dean Gallup David Lynes May 2010 U.S. Department of Commerce Gary Locke, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Director Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. There are references in this publication to documents currently under development by NIST in accordance with responsibilities assigned to NIST under the
  • 3. Federal Information Security Management Act of 2002. The methodologies in this document may be used even before the completion of such companion documents. Thus, until such time as each document is completed, current requirements, guidelines, and procedures (where they exist) remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new documents by NIST. Individuals are also encouraged to review the public draft documents and offer their comments to NIST. All NIST documents mentioned in this publication, other than the ones noted above, are available at http://csrc.nist.gov/publications. National Institute of Standards and Technology Special Publication 800-34 Natl. Inst. Stand. Technol. Spec. Publ. 800-34, 150 pages (May 2010) CODEN: NSPUE2 http://csrc.nist.gov/publications CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS
  • 4. Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. ii CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS
  • 5. Authority This document has been developed by the National Institute of Standards and Technology (NIST) in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. NIST is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets, but such standards and guidelines shall not apply to national security systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A- 130, Section 8b(3), “Securing Agency Information Systems,” as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in A-130, Appendix III. This guideline has been prepared for use by federal agencies. It may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright. Attribution would be appreciated by NIST. Nothing in this document should be taken to contradict standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federal official.
  • 6. NIST Special Publication 800-34, Revision 1, 150 pages (May 2010) National Institute of Standards and Technology Attn: Computer Security Division, Information Technology Laboratory 100 Bureau Drive (Mail Stop 8930) Gaithersburg, MD 20899- 8930 iii CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS Compliance with NIST Standards and Guidelines NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Management Act (FISMA) of 2002 and in managing cost- effective programs to protect their information and information systems. • Federal Information Processing Standards (FIPS) are developed by NIST in accordance with FISMA. FIPS are approved by the Secretary of Commerce and
  • 7. are compulsory and binding for federal agencies. Since FISMA requires that federal agencies comply with these standards, agencies may not waive their use. • Guidance documents and recommendations are issued in the NIST Special Publication (SP) 800- series. Office of Management and Budget (OMB) policies (including OMB FISMA Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management) state that, for other than national security programs and systems, agencies must follow NIST guidance.1 • Other security-related publications, including NIST interagency and internal reports (NISTIRs) and ITL Bulletins, provide technical and other information about NIST’s activities. These publications are mandatory only when so specified by OMB. 1 While agencies are required to follow NIST guidance in accordance with OMB policy, there is flexibility within NIST’s guidance in how agencies apply the guidance. Unless otherwise specified by OMB, the 800-series guidance documents published by NIST generally allow agencies some latitude in the application. Consequently, the application of NIST guidance by agencies can result in different security solutions that are equally acceptable, compliant with the guidance, and meet the
  • 8. OMB definition of adequate security for federal information systems. When assessing federal agency compliance with NIST guidance, auditors, evaluators, and assessors should consider the intent of the security concepts and principles articulated within the particular guidance document and how the agency applied the guidance in the context of its specific mission responsibilities, operational environments, and unique organizational conditions. iv CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS Acknowledgements The authors, Marianne Swanson and Pauline Bowen of the National Institute of Standards and Technology (NIST), Amy Wohl Phillips, Dean Gallup, and David Lynes of Booz Allen Hamilton, wish to thank their colleagues who reviewed drafts of this document and contributed to its technical content. The authors would like to acknowledge Kelley Dempsey, Esther Katzman, Peter Mell, Murugiah Souppaya, Lee Badger, and Elizabeth Lennon of NIST, and David Linthicum of Booz Allen Hamilton for their keen and insightful assistance with technical issues throughout the development of the document. v
  • 9. CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS Table of Contents Executive Summary ............................................................................................... ..................... 1 Chapter 1. Introduction ............................................................................................... ..... 1 1.1 Purpose................................................................................... .................................... 1 1.2 Scope ............................................................................................... ........................... 2 1.3 Audience ............................................................................................... ...................... 3 1.4 Document Structure ............................................................................................... ..... 4 Chapter 2. Background ............................................................................................... ..... 5 2.1 Contingency Planning and Resilience ........................................................................ 5 2.2 Types of Plans ............................................................................................... ............. 7
  • 10. 2.2.1 Business Continuity Plan (BCP) ...................................................................... 8 2.2.2 Continuity of Operations (COOP) Plan ............................................................ 8 2.2.3 Crisis Communications Plan............................................................................ 9 2.2.4 Critical Infrastructure Protection (CIP) Plan..................................................... 9 2.2.5 Cyber Incident Response Plan ...................................................................... 10 2.2.6 Disaster Recovery Plan (DRP) ...................................................................... 10 2.2.7 Information System Contingency Plan (ISCP)............................................... 10 2.2.8 Occupant Emergency Plan (OEP) ................................................................. 10 Chapter 3. Information System Contingency Planning Process................................ 13 3.1 Develop the Contingency Planning Policy Statement ............................................... 14 3.2 Conduct the Business Impact Analysis (BIA)............................................................ 15 3.2.1 Determine Business Processes and Recovery Criticality .............................. 16 3.2.2 Identify Resource Requirements ................................................................... 19 3.2.3 Identify System Resource Recovery Priorities .............................................. 19 3.3 Identify Preventive Controls ...................................................................................... 19 3.4 Create Contingency Strategies ................................................................................. 20
  • 11. 3.4.1 Backup and Recovery ................................................................................... 20 3.4.2 Backup Methods and Offsite Storage ............................................................ 21 3.4.3 Alternate Sites ............................................................................................... 21 3.4.4 Equipment Replacement ............................................................................... 24 3.4.5 Cost Considerations ...................................................................................... 25 3.4.6 Roles and Responsibilities ............................................................................ 26 3.5 Plan Testing, Training, and Exercises (TT&E) .......................................................... 27 3.5.1 Testing.................................................................................... ....................... 27 3.5.2 Training.................................................................................. ........................ 28 3.5.3 Exercises ............................................................................................... ........ 29 3.5.4 TT&E Program Summary .............................................................................. 29 3.6 Plan Maintenance ............................................................................................... ...... 31 Chapter 4. Information System Contingency Plan Development............................... 34 4.1 Supporting
  • 12. Information............................................................................. ................. 35 4.2 Activation and Notification Phase ............................................................................. 36 4.2.1 Activation Criteria and Procedure .................................................................. 36 4.2.2 Notification Procedures ................................................................................. 36 4.2.3 Outage Assessment ...................................................................................... 38 4.3 Recovery Phase...................................................................................... .................. 39 4.3.1 Sequence of Recovery Activities ................................................................... 39 vi Mirco Escobedo Highlight Mirco Escobedo Highlight CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS 4.3.2 Recovery Procedures .................................................................................... 39 4.3.3 Recovery Escalation and Notification ............................................................ 40
  • 13. 4.4 Reconstitution Phase ............................................................................................... . 41 4.5 Plan Appendices ............................................................................................... ........ 42 Chapter 5. Technical Contingency Planning Considerations..................................... 43 5.1 Common Considerations .......................................................................................... 43 5.1.1 Use of the BIA ......................................................................................... ...... 44 5.1.2 Maintenance of Data Security, Integrity, and Backup.................................... 44 5.1.3 Protection of Resources ................................................................................ 46 5.1.4 Adherence to Security Controls ..................................................................... 46 5.1.5 Identification of Alternate Storage and Processing Facilities......................... 46 5.1.6 Use of High Availability (HA) Processes........................................................ 48 5.2 Client/Server Systems .............................................................................................. 48 5.2.1 Client/Server Systems Contingency Considerations ..................................... 49 5.2.2 Client/Server Systems Contingency
  • 14. Solution s .............................................. 51 5.3 Telecommunications Systems .................................................................................. 52 5.3.1 Telecommunications Contingency Considerations........................................ 53 5.3.2 Telecommunications Contingency