Include the criteria for activation in the recovery plan.


CONTROL ID: 13293
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a recovery plan., CC ID: 13288

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Based on the BIAs (paragraph 78) and plausible scenarios (paragraph 82), financial institutions should develop response and recovery plans. These plans should specify what conditions may prompt activation of the plans and what actions should be taken to ensure the availability, continuity and recove… (3.7.3 83, Final Report EBA Guidelines on ICT and security risk management)
  • Do the plans define roles and responsibilities and a process for activating the response? (Operation ¶ 27, ISO 22301: Self-assessment questionnaire)
  • Does the IRS and associated procedures include thresholds, assessment, activation, resource provision and communication? (Operation ¶ 20, ISO 22301: Self-assessment questionnaire)
  • Tools and processes are in place to ensure timely detection, alert, and activation of the incident response program. (RS.AN-1.1, CRI Profile, v1.2)
  • The recovery plan includes recovery of resilience following a long term loss of capability (e.g., site or third-party) detailing when the plan should be activated and implementation steps. (RC.RP-1.5, CRI Profile, v1.2)
  • The recovery plan includes recovery of resilience following a long term loss of capability (e.g., site or third-party) detailing when the plan should be activated and implementation steps. (RC.RP-1.5, Financial Services Sector Cybersecurity Profile, Version 1.0.0)
  • Conditions for activation of the recovery plan(s). (CIP-009-6 Table R1 Part 1.1 Requirements ¶ 1., North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Recovery Plans for BES Cyber Systems CIP-009-6, Version 6)
  • Required response to events or conditions of varying duration and severity that would activate the recovery plan. (§ 6.2.6.2 ICS-specific Recommendations and Guidance ¶ 1 Bullet 1, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The ISCP should be activated if one or more of the activation criteria for that system are met. If an activation criterion is met, the designated authority should activate the plan. Activation criteria for system outages or disruptions are unique for each organization and should be stated in the con… (§ 4.2.1 ¶ 1, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))
  • The criteria for initiating incident recovery are applied (RS.MA-05, The NIST Cybersecurity Framework, v2.0)