CP-10: System Recovery and Reconstitution
NIST Baseline: Low
DIR Required By: 07/20/2023
Review Date: 07/10/2024
- Information resource owners or their designees, in coordination with the Tarleton Chief Information Security Officer (CISO), are responsible for maintaining a Disaster Recovery Plan (DRP) for High or Moderate Impact information resources. Each DRP will include:
  - Procedures for activating information resources at an alternate site to resume and sustain critical business functions during a contingency;
  - Recovery resources including license keys if applicable;
  - Disaster recovery roles, responsibilities, and assigned individuals with contact information;
  - Step-by-step instructions for a full system restoration without deterioration of security controls; and
  - Process for validating the recovery.
- For information resources not meeting the definition of High or Moderate Impact, the capability to restore the information resource to a desired operational state shall be established to the extent deemed necessary, based on documented risk management decisions.
- The recovery and reconstitution procedures shall be tested as described in Control CP-4 Contingency Plan Testing.
References/Additional Resources
None. See any applicable internal procedures.