Information Technology Reference
In-Depth Information
Category/
Subcategory/
Element
Control
Reference
Control Summary
Interpretation
CP-8
Telecommunications
services
The organization identifies primary
and alternate telecommunications
services to support the
information system and initiates
necessary agreements to permit
the resumption of system
operations for critical mission/
business functions within
[assignment: organization-
defined time period] when the
primary telecommunications
capabilities are unavailable.
CP-9
Information system
backup
The organization conducts
backups of user-level and system-
level information (including
system state information)
contained in the information
system [assignment: organization-
defined frequency] and protects
backup information at the storage
location.
CP-10
Information system
recovery and
reconstitution
The organization employs
mechanisms with supporting
procedures to allow the
information system to be
recovered and reconstituted to a
known secure state after a
disruption or failure.
identification and
Authentication
iA
IA-1
Identiication and
authentication
policy and
procedures
The organization develops,
disseminates, and periodically
reviews/updates: (i) a formal,
documented identification and
authentication policy that
addresses purpose, scope, roles,
responsibilities, management
commitment, coordination
among organizational entities,
and compliance; and (ii) formal,
documented procedures to
facilitate the implementation of
the identification and
authentication policy and
associated identification and
authentication controls.
