Information Technology Reference
In-Depth Information
Category/
Subcategory/
Element
Control
Reference
Control Summary
Interpretation
CM-8
Information system
component
inventory
The organization develops,
documents, and maintains a
current inventory of the
components of the information
system and relevant ownership
information.
Contingency
planning
Cp
CP-1
Contingency
planning policy and
procedures
The organization develops,
disseminates, and periodically
reviews/updates: (i) a formal,
documented contingency
planning policy that addresses
purpose, scope, roles,
responsibilities, management
commitment, coordination
among organizational entities,
and compliance; and (ii) formal,
documented procedures to
facilitate the implementation of
the contingency planning policy
and associated contingency
planning controls.
CP-2
Contingency plan
The organization develops and
implements a contingency plan
for the information system
addressing contingency roles,
responsibilities, assigned
individuals with contact
information, and activities
associated with restoring the
system after a disruption or
failure. Designated officials within
the organization review and
approve the contingency plan and
distribute copies of the plan to
key contingency personnel.
CP-3
Contingency training The organization trains personnel
in their contingency roles and
responsibilities with respect to
the information system and
provides refresher training
[assignment: organization-
defined frequency, at least
annually].
