Back

Reconfigure restored systems to meet the Recovery Time Objectives.


CONTROL ID
11693
CONTROL TYPE
Process or Activity
CLASSIFICATION
Corrective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain Recovery Time Objectives for all in scope systems., CC ID: 11688

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Recovery point objectives to support data integrity efforts are consistent with the organization's resumption time objective for critical operations. (PR.IP-4.4, CRI Profile, v1.2)
  • Recovery point objectives to support data integrity efforts are consistent with the organization's resumption time objective for critical operations. (PR.IP-4.4, Financial Services Sector Cybersecurity Profile, Version 1.0.0)
  • For cloud computing services, is there a specific Recovery Time Objective? (§ V.1.55, Shared Assessments Standardized Information Gathering Questionnaire - V. Cloud, 7.0)
  • The recovery point objectives and recovery time objectives should be used to document the appropriate recovery strategy. (Pg 20, Pg 21, FFIEC IT Examination Handbook - Business Continuity Planning, March 2008)
  • Provides substitute information system components and a means to exchange active and standby components at [Assignment: organization-defined MTTF substitution criteria]. (SI-13b. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Ensures that the standby components are successfully and transparently installed within [Assignment: organization-defined time period]; and (SI-13(4)(a), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Provides substitute information system components and a means to exchange active and standby components at [Assignment: organization-defined MTTF substitution criteria]. (SI-13b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Provide substitute system components and a means to exchange active and standby components in accordance with the following criteria: [Assignment: organization-defined MTTF substitution criteria]. (SI-13b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Ensure that the standby components are successfully and transparently installed within [Assignment: organization-defined time period]; and (SI-13(4) ¶ 1(a), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Provide substitute system components and a means to exchange active and standby components in accordance with the following criteria: [Assignment: organization-defined MTTF substitution criteria]. (SI-13b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Ensure that the standby components are successfully and transparently installed within [Assignment: organization-defined time period]; and (SI-13(4) ¶ 1(a), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)