Back

Disseminate and communicate the recovery plan to interested personnel and affected parties.


CONTROL ID
14859
CONTROL TYPE
Communicate
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a recovery plan., CC ID: 13288

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Establish, document, approve, communicate, apply, evaluate and maintain a disaster response plan to recover from natural and man-made disasters. Update the plan at least annually or upon significant changes. (BCR-09, Cloud Controls Matrix, v4.0)
  • Recovery activities are communicated to internal and external stakeholders as well as and executive and management teams. (RC.CO-3, CRI Profile, v1.2)
  • The organization timely involves and communicates the recovery activities, procedures, cyber risk management issues to the appropriate governing body (e.g., the Board or one of its committees), senior management and relevant internal stakeholders. (RC.CO-3.1, CRI Profile, v1.2)
  • Recovery activities and progress in restoring operational capabilities are communicated to designated internal and external stakeholders (RC.CO-03, The NIST Cybersecurity Framework, v2.0)