Test new hardware or upgraded hardware and software for implementation of predefined continuity arrangements.


CONTROL ID: 06744
CONTROL TYPE: Testing
CLASSIFICATION: Detective

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain facilities, assets, and services acceptance procedures., CC ID: 01144

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • The likelihood of critical business applications and technical infrastructure malfunctioning should be reduced by employing up-to-date makes / models of hardware and software (i.e., rather than using obsolete and unsupported products) that are easily maintained and can meet the requirements of criti… (CF.20.03.02a, The Standard of Good Practice for Information Security)
  • The likelihood of critical business applications and technical infrastructure malfunctioning should be reduced by giving high priority to reliability, compatibility (e.g., with other hardware / software used by the organization), and capacity (e.g., network bandwidth) during the acquisition process. (CF.20.03.02b, The Standard of Good Practice for Information Security)
  • The resilience of critical business processes should be improved by using fault tolerant Information Systems (e.g., by using multiple processors, hard disk drives, Network Interface Cards, memory, and expansion cards). (CF.20.03.04a, The Standard of Good Practice for Information Security)
  • The resilience of critical business processes should be improved by using fault tolerant data storage systems (e.g., by using disk mirroring, RAID technology, hot swappable hard disk drives, and creating multiple access paths to storage using multiple dual host bus adaptors and switches). (CF.20.03.04b, The Standard of Good Practice for Information Security)
  • The resilience of critical business processes should be improved by using fault tolerant telephone exchange components (e.g., processors and function cards). (CF.20.03.04c, The Standard of Good Practice for Information Security)
  • The likelihood of critical business applications and technical infrastructure malfunctioning should be reduced by employing up-to-date makes / models of hardware and software (i.e., rather than using obsolete and unsupported products) that are easily maintained and can meet the requirements of criti… (CF.20.03.02a, The Standard of Good Practice for Information Security, 2013)
  • The likelihood of critical business applications and technical infrastructure malfunctioning should be reduced by giving high priority to reliability, compatibility (e.g., with other hardware / software used by the organization), and capacity (e.g., network bandwidth) during the acquisition process. (CF.20.03.02b, The Standard of Good Practice for Information Security, 2013)
  • The resilience of critical business processes should be improved by using fault tolerant Information Systems (e.g., by using multiple processors, hard disk drives, Network Interface Cards, memory, and expansion cards). (CF.20.03.04a, The Standard of Good Practice for Information Security, 2013)
  • The resilience of critical business processes should be improved by using fault tolerant data storage systems (e.g., by using disk mirroring, RAID technology, hot swappable hard disk drives, and creating multiple access paths to storage using multiple dual host bus adaptors and switches). (CF.20.03.04b, The Standard of Good Practice for Information Security, 2013)
  • The resilience of critical business processes should be improved by using fault tolerant telephone exchange components (e.g., processors and function cards). (CF.20.03.04c, The Standard of Good Practice for Information Security, 2013)
  • New technological developments. (RS.IM-2.1(5), CRI Profile, v1.2)
  • Do the criteria for accepting new Information Systems contain Business Continuity arrangements? (§ G.6.6, Shared Assessments Standardized Information Gathering Questionnaire - G. Communications and Operations Management, 7.0)
  • Do the criteria for accepting Information Systems upgrades contain Business Continuity arrangements? (§ G.6.6, Shared Assessments Standardized Information Gathering Questionnaire - G. Communications and Operations Management, 7.0)
  • Do the criteria for accepting new versions of Information Systems contain Business Continuity arrangements? (§ G.6.6, Shared Assessments Standardized Information Gathering Questionnaire - G. Communications and Operations Management, 7.0)
  • An ISCP should be maintained in a state of readiness, which includes having personnel trained to fulfill their roles and responsibilities within the plan, having plans exercised to validate their content, and having systems and system components tested to ensure their operability in the environment … (§ 3.5 ¶ 1, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))
  • Implementation/Assessment Phase. The recovery strategy selected is now documented into the formal Information System Contingency Plan in coordination with the System Test and Evaluation (ST&E) effort. As the system undergoes an initial testing, contingency strategies also should be exercised to reso… (Appendix F ¶ 7, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))