Include server continuity procedures in the continuity plan.


CONTROL ID: 01379
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system continuity plan strategies (CC ID: 00735)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • T2: The organization shall provide a backup main unit to handle failures. T3: The organization shall provide substitute functions or backups for important peripherals. T4: The organization shall provide backups for important communication devices to quickly handle failures. T4.1: Communications devi… (T2, T3, T4, T4.1, T6, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • There should be documented standards / procedures for the protection of information associated with the organization's critical infrastructure. (CF.08.03.01, The Standard of Good Practice for Information Security)
  • There should be documented standards / procedures for the protection of information associated with the organization's critical infrastructure. (CF.08.03.01, The Standard of Good Practice for Information Security, 2013)
  • ¶ 9.2 IT System Specific Safeguards. An organization should select safeguards that are IT system component specific. Specific system components include Stand-alone Workstation, Workstation (Client without Shared Resources) Connected to a Network, and Server or Workstation with Shared Resources Conn… (¶ 9.2, ¶ 9.2 Table Row "I and A Based on Something the User Knows", ¶ 9.2 Table Row "I and A Based on Something the User Possesses", ¶ 9.2 Table Row "I and A Based on Something the User Is", ¶ 9.2 Table Row "Access Control Policy", ¶ 9.2 Table Row "User Access to Computers", ¶ 9.2 Table Row "User Access to Data, Services and Applications", ¶ 9.2 Table Row "Reviewing and Updating Access Rights", ¶ 9.2 Table Row "Audit Logs", ¶ 9.2 Table Row "Scanners", ¶ 9.2 Table Row "Integrity Checkers", ¶ 9.2 Table Row "Removable Media Circulation Control", ¶ 9.2 Table Row "Procedural Safeguards", ¶ 9.2 Table Row "Operational Procedures", ¶ 9.2 Table Row "System Planning", ¶ 9.2 Table Row "Network Configuration", ¶ 9.2 Table Row "Network Segregation", ¶ 9.2 Table Row "Network Monitoring", ¶ 9.2 Table Row "Intrusion Detection", ¶ 9.2 Table Row "Data Confidentiality Protection", ¶ 9.2 Table Row "Data Integrity Protection", ¶ 9.2 Table Row "Non-Repudiation", ¶ 9.2 Table Row "Data Authenticity", ¶ 9.2 Table Row "Key Management", ISO 13335-4 Information technology - Guidelines for the management of IT Security - Part 4: Selection of safeguards, 2000)
  • Determine whether the BCP addresses communications and connectivity with TSPs in the event of a disruption at any of the TSP's facilities. (TIER I OBJECTIVES AND PROCEDURES BCP - Third-Party Management and Outsourced Activities Objective 9:7, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Contingency considerations for client/server systems should emphasize data availability, integrity, and confidentiality in the server system and the client. Regular and frequent backups should be stored offsite. The following practices should be considered by the system manager for client/server sys… (§ 5.2, § 5.2.1, § 5.2.2, Contingency Planning Guide for Information Technology Systems, NIST SP 800-34, Rev. 1 (Draft))
  • Manage system/server resources including performance, capacity, availability, serviceability, and recoverability. (T0498, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Contingency considerations for servers in a client/server system rely extensively on LAN and WAN connectivity to communicate with their clients. Because of this, server components must consider system contingency measures similar to those for LANs and WANs. (§ 5.2.1 ¶ 3, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))