Back

Utilize automated mechanisms for more realistic continuity plan training.


CONTROL ID
01387
CONTROL TYPE
Behavior
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Train personnel on the continuity plan., CC ID: 00759

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The organization must use automated mechanisms to provide thorough and realistic training environments. (CSR 5.6.1, Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006)
  • Contingency Planning (CP): Organizations must establish, maintain, and effectively implement plans for emergency response, backup operations, and post-disaster recovery for organizational information systems to ensure the availability of critical information resources and continuity of operations in… (§ 3, FIPS Pub 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006)
  • Organizational records and documents should be examined to ensure automated mechanisms are used to improve the contingency training sessions. Test the automated mechanisms to ensure they are functioning properly. Interviews should be conducted with personnel who lead the training sessions and with … (CP-3(2), CP-3.12, Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A)
  • The organization should use automated mechanisms to provide a more thorough and realistic training environment. (App F § CP-3(2), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization employs automated mechanisms to provide a more thorough and realistic contingency training environment. (CP-3(2), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization employs automated mechanisms to provide a more thorough and realistic contingency training environment. (CP-3(2) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Employ mechanisms used in operations to provide a more thorough and realistic contingency training environment. (CP-3(2) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Employ mechanisms used in operations to provide a more thorough and realistic contingency training environment. (CP-3(2) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)