Back

Document the mean time to failure for system components.


CONTROL ID
10684
CONTROL TYPE
Systems Continuity
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Define and prioritize critical business functions., CC ID: 00736

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Does the IRS and associated procedures include thresholds, assessment, activation, resource provision and communication? (Operation ¶ 20, ISO 22301: Self-assessment questionnaire)
  • There shall be a defined and documented method for determining the impact of any disruption to the organization that must incorporate the following: - Identify critical products and services - Identify all dependencies, including processes, applications, business partners, and third party service … (BCR-09, Cloud Controls Matrix, v3.0)
  • - ensuring that policies and objectives are established for the business continuity management system and are compatible with the strategic direction of the organization, - ensuring the integration of the business continuity management system requirements into the organization’s business processes… (§ 5.2 ¶ 1, ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • When a component integrates into a higher level system to provide the account management capabilities there needs to be consideration for the impact to the component in the event that the higher level system capability becomes unavailable. (5.5.2 ¶ 3, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
  • Determines mean time to failure (MTTF) for [Assignment: organization-defined information system components] in specific environments of operation; and (SI-13a. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization determines mean time to failure (MTTF) for {organizationally documented information system components} in specific environments of operation. (SI-13a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • Determines mean time to failure (MTTF) for [Assignment: organization-defined information system components] in specific environments of operation; and (SI-13a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Determine mean time to failure (MTTF) for the following system components in specific environments of operation: [Assignment: organization-defined system components]; and (SI-13a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Determine mean time to failure (MTTF) for the following system components in specific environments of operation: [Assignment: organization-defined system components]; and (SI-13a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)