Back

Restore systems and environments to be operational.


CONTROL ID
13476
CONTROL TYPE
Systems Continuity
CLASSIFICATION
Corrective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a continuity plan., CC ID: 00752

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • When necessary, restoring lost or corrupted information from backup media to return the application to production status (Information custodian ¶ 1Bullet 2, Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • if the infection cannot be reliably removed, systems are restored from a known good backup or rebuilt. (Security Control: 0917; Revision: 7; Bullet 4, Australian Government Information Security Manual)
  • Policies and instructions with technical and organisational safeguards in order to avoid losing data are documented, communicated and provided according to SA-01. They provide reliable procedures for the regular backup (backup as well as snapshots, where applicable) and restoration of data. The scop… (Section 5.6 RB-06 Basic requirement ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
  • The control system shall provide the capability to recover and reconstitute to a known secure state after a disruption or failure. (11.6.1 ¶ 1, IEC 62443-3-3: Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels, Edition 1)
  • Components shall provide the capability to be recovered and reconstituted to a known secure state after a disruption or failure. (11.6.1 ¶ 1, IEC 62443-4-2: Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components, Edition 1.0)
  • Components shall provide the capability to be recovered and reconstituted to a known secure state after a disruption or failure. (11.6.1 ¶ 1, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
  • The organization provides the capability to restore information system components within [Assignment: organization-defined restoration time-periods] from configuration-controlled and integrity-protected information representing a known, operational state for the components. (CP-10(4) ¶ 1, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The activities restore the affected environment to functional operation by rebuilding systems, updating software, installing patches, and changing configurations, as needed. (CC7.5 Restores the Affected Environment, Trust Services Criteria)
  • Procedures are in place to restore data and business operations to an interim state that permits the achievement of entity objectives. (CC7.4 Restores Operations, Trust Services Criteria)
  • The activities restore the affected environment to functional operation by rebuilding systems, updating software, installing patches, and changing configurations, as needed. (CC7.5 ¶ 2 Bullet 1 Restores the Affected Environment, Trust Services Criteria, (includes March 2020 updates))
  • Procedures are in place to restore data and business operations to an interim state that permits the achievement of entity objectives. (CC7.4 ¶ 2 Bullet 5 Restores Operations, Trust Services Criteria, (includes March 2020 updates))
  • The organization provides the capability to restore information system components within [FedRAMP Assignment: time period consistent with the restoration time-periods defined in the service provider and organization SLA] from configuration-controlled and integrity-protected information representing … (CP-10(4) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Provide the capability to restore system components within [Assignment: organization-defined restoration time periods] from configuration-controlled and integrity-protected information representing a known, operational state for the components. (CP-10(4) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • The organization provides the capability to restore information system components within [Assignment: organization-defined restoration time-periods] from configuration-controlled and integrity-protected information representing a known, operational state for the components. (CP-10(4) ¶ 1 High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Provides substitute information system components and a means to exchange active and standby components at [Assignment: organization-defined MTTF substitution criteria]. (SI-13b. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Perform system administration on specialized cyber defense applications and systems (e.g., antivirus, audit and remediation) or Virtual Private Network (VPN) devices, to include installation, configuration, maintenance, backup, and restoration. (T0180, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Perform system administration on specialized cyber defense applications and systems (e.g., antivirus, audit and remediation) or Virtual Private Network (VPN) devices, to include installation, configuration, maintenance, backup, and restoration. (T0180, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)
  • The organization provides the capability to restore information system components within [Assignment: organization-defined restoration time-periods] from configuration-controlled and integrity-protected information representing a known, operational state for the components. (CP-10(4) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The organization provides the capability to restore information system components within [Assignment: organization-defined restoration time-periods] from configuration-controlled and integrity-protected information representing a known, operational state for the components. (CP-10(4) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • The organization manually initiates transfers between active and standby information system components [Assignment: organization-defined frequency] if the mean time to failure exceeds [Assignment: organization-defined time period]. (SI-13(3) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Provides substitute information system components and a means to exchange active and standby components at [Assignment: organization-defined MTTF substitution criteria]. (SI-13b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Provide the capability to restore system components within [Assignment: organization-defined restoration time periods] from configuration-controlled and integrity-protected information representing a known, operational state for the components. (CP-10(4) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Provide substitute system components and a means to exchange active and standby components in accordance with the following criteria: [Assignment: organization-defined MTTF substitution criteria]. (SI-13b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Manually initiate transfers between active and standby system components when the use of the active component reaches [Assignment: organization-defined percentage] of the mean time to failure. (SI-13(3) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)