Skip to content

Latest commit

 

History

History
48 lines (33 loc) · 2.13 KB

CP-Policy.md

File metadata and controls

48 lines (33 loc) · 2.13 KB

Contingency planning

See CIO 2100.1L – GSA IT Security Policy

  • Chapter 3, Policy for Identify Function, which covers:
    • CP-1
  • Chapter 4, Policy for Protect Function, which covers:
    • CP-2, CP-4, CP-6 CP-7, CP-8, CP-9, CP-12, CP-13
  • Chapter 5, Policy for Detect Function, which covers:
    • CP-2
  • Chapter 6, Policy for Respond Function, which covers:
    • CP-2, CP-3, CP-10
  • Chapter 7, Policy for Recover Function, which covers:
    • CP-2, CP-10

The latest version can be found on the GSA IT Security Policies page.

Purpose

Identify scenarios of likely events that would substantively disrupt the confidentiality, integrity, or availability of the information system. Use those scenarios to conduct actual simulations of said disruptions, and use data collected from the simulation to iteratively improve training, methodologies, but above all - improve the automation of our information systems to self-heal from any disruptions.

Scope

See the Applicability section of the GSA IT Security Policy.

Policy overlay

For information on roles and responsibilities, management commitment, coordination among organizational entities, compliance, reviews, and updates please see the Technology Transformation Service's (TTS) Common Control Policy.


Procedures

See the cloud.gov Contingency Plan.

Version history

Complete version history: https://github.com/cloud-gov/cg-compliance-docs/commits/master/CP-Policy.md

  • 2016-10: Initial version for authorization
  • 2017-09: Security policy link updates
  • 2019-12: Update links to GSA security policy
  • 2020-11: Update links to GitHub and GSA policies, split controls by CSF, add version history
  • 2021-11: Reviewed by @pburkholder, no changes