Restore systems and environments to be operational.


CONTROL ID: 13476
CONTROL TYPE: Systems Continuity
CLASSIFICATION: Corrective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a continuity plan. (CC ID: 00752)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • It is recommended that firefighting be quickly carried out in the event of fire and that the computer system equipment and data in storage located in an area left free from the fire be available to reuse as soon as possible after extinguishing the fire without any damage. For this purpose, proper fi… (F39.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • When necessary, restoring lost or corrupted information from backup media to return the application to production status (Information custodian ¶ 1 Bullet 2, Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • if the infection cannot be reliably removed, systems are restored from a known good backup or rebuilt. (Security Control: 0917; Revision: 7; Bullet 4, Australian Government Information Security Manual, March 2021)
  • if the infection cannot be reliably removed, systems are restored from a known good backup or rebuilt. (Control: ISM-0917; Revision: 7; Bullet 4, Australian Government Information Security Manual, June 2023)
  • if the infection cannot be reliably removed, systems are restored from a known good backup or rebuilt. (Control: ISM-0917; Revision: 7; Bullet 4, Australian Government Information Security Manual, September 2023)
  • Here, the current state of business processes and the correspondingly connected IT systems and applications is described. Often, the level of detail of technical documentations is an issue of dispute. A more practical approach is that other persons with comparable expertise in such area must be able… (§ 5.2.2 ¶ 2 Bullet 2 ¶ 2, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • Policies and instructions with technical and organisational safeguards in order to avoid losing data are documented, communicated and provided according to SA-01. They provide reliable procedures for the regular backup (backup as well as snapshots, where applicable) and restoration of data. The scop… (Section 5.6 RB-06 Basic requirement ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
  • You are prepared to restore the operation of your essential function following adverse impact. (B5.a ¶ 1, NCSC CAF guidance, 3.1)
  • The control system shall provide the capability to recover and reconstitute to a known secure state after a disruption or failure. (11.6.1 ¶ 1, IEC 62443-3-3: Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels, Edition 1)
  • Components shall provide the capability to be recovered and reconstituted to a known secure state after a disruption or failure. (11.6.1 ¶ 1, IEC 62443-4-2: Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components, Edition 1.0)
  • The governing body should ensure that the organization protects and restores those systems on which it depends. In this regard, the governing body should consider and manage risk associated with those decisions it makes that can impact the natural environmental, social and economic systems (see 6.9)… (§ 6.11.3.4 ¶ 1, ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • The activities restore the affected environment to functional operation by rebuilding systems, updating software, installing patches, modifying access controls, and changing configurations, as needed. (CC7.5 ¶ 2 Bullet 1 Restores the Affected Environment, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • Procedures are in place to restore data and business operations to an interim state that permits the achievement of entity objectives. (CC7.4 ¶ 3 Bullet 5 Restores Operations, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • Components shall provide the capability to be recovered and reconstituted to a known secure state after a disruption or failure. (11.6.1 ¶ 1, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
  • The organization provides the capability to restore information system components within [Assignment: organization-defined restoration time-periods] from configuration-controlled and integrity-protected information representing a known, operational state for the components. (CP-10(4) ¶ 1, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The activities restore the affected environment to functional operation by rebuilding systems, updating software, installing patches, and changing configurations, as needed. (CC7.5 Restores the Affected Environment, Trust Services Criteria)
  • Procedures are in place to restore data and business operations to an interim state that permits the achievement of entity objectives. (CC7.4 Restores Operations, Trust Services Criteria)
  • The activities restore the affected environment to functional operation by rebuilding systems, updating software, installing patches, and changing configurations, as needed. (CC7.5 ¶ 2 Bullet 1 Restores the Affected Environment, Trust Services Criteria, (includes March 2020 updates))
  • Procedures are in place to restore data and business operations to an interim state that permits the achievement of entity objectives. (CC7.4 ¶ 2 Bullet 5 Restores Operations, Trust Services Criteria, (includes March 2020 updates))
  • Ensure the security and integrity of the records by means of manual and automated controls that assure the authenticity and quality of the electronic facsimile, detect attempts to alter or remove the records, and provide means to recover altered, damaged, or lost records resulting from any cause; (§ 240.17Ad-7(f)(3)(i), 17 CFR Part 240.17Ad-7 - Record retention)
  • The organization provides the capability to restore information system components within [FedRAMP Assignment: time period consistent with the restoration time-periods defined in the service provider and organization SLA] from configuration-controlled and integrity-protected information representing … (CP-10(4) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Provide the capability to restore system components within [FedRAMP Assignment: time period consistent with the restoration time-periods defined in the service provider and organization SLA] from configuration-controlled and integrity-protected information representing a known, operational state for… (CP-10(4) ¶ 1, FedRAMP Security Controls High Baseline, Version 5)
  • Provide the capability to restore system components within [Assignment: organization-defined restoration time periods] from configuration-controlled and integrity-protected information representing a known, operational state for the components. (CP-10(4) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • The organization provides the capability to restore information system components within [Assignment: organization-defined restoration time-periods] from configuration-controlled and integrity-protected information representing a known, operational state for the components. (CP-10(4) ¶ 1 High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Provides substitute information system components and a means to exchange active and standby components at [Assignment: organization-defined MTTF substitution criteria]. (SI-13b. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Perform system administration on specialized cyber defense applications and systems (e.g., antivirus, audit and remediation) or Virtual Private Network (VPN) devices, to include installation, configuration, maintenance, backup, and restoration. (T0180, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • The Reconstitution Phase is the third and final phase of ISCP implementation and defines the actions taken to test and validate system capability and functionality. During Reconstitution, recovery activities are completed and normal system operations are resumed. If the original facility is unrecove… (§ 4.4 ¶ 1, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))
  • Perform system administration on specialized cyber defense applications and systems (e.g., antivirus, audit and remediation) or Virtual Private Network (VPN) devices, to include installation, configuration, maintenance, backup, and restoration. (T0180, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • The organization provides the capability to restore information system components within [Assignment: organization-defined restoration time-periods] from configuration-controlled and integrity-protected information representing a known, operational state for the components. (CP-10(4) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The organization provides the capability to restore information system components within [Assignment: organization-defined restoration time-periods] from configuration-controlled and integrity-protected information representing a known, operational state for the components. (CP-10(4) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • The organization manually initiates transfers between active and standby information system components [Assignment: organization-defined frequency] if the mean time to failure exceeds [Assignment: organization-defined time period]. (SI-13(3) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Provides substitute information system components and a means to exchange active and standby components at [Assignment: organization-defined MTTF substitution criteria]. (SI-13b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Provide the capability to restore system components within [Assignment: organization-defined restoration time periods] from configuration-controlled and integrity-protected information representing a known, operational state for the components. (CP-10(4) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Provide substitute system components and a means to exchange active and standby components in accordance with the following criteria: [Assignment: organization-defined MTTF substitution criteria]. (SI-13b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Manually initiate transfers between active and standby system components when the use of the active component reaches [Assignment: organization-defined percentage] of the mean time to failure. (SI-13(3) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Provide the capability to restore system components within [Assignment: organization-defined restoration time periods] from configuration-controlled and integrity-protected information representing a known, operational state for the components. (CP-10(4) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Provide substitute system components and a means to exchange active and standby components in accordance with the following criteria: [Assignment: organization-defined MTTF substitution criteria]. (SI-13b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Manually initiate transfers between active and standby system components when the use of the active component reaches [Assignment: organization-defined percentage] of the mean time to failure. (SI-13(3) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • The integrity of restored assets is verified, systems and services are restored, and normal operating status is confirmed (RC.RP-05, The NIST Cybersecurity Framework, v2.0)