BCR-01: Business Continuity Planning

Control Family:

Business Continuity Management & Operational Resilience

CSF v1.1 References:

ID.AM-5
ID.BE-1
ID.BE-4
ID.BE-5
ID.RA-4
ID.SC-5
PR.DS-4
PR.IP-4
PR.IP-9
RS.CO-1
RS.CO-4
RS.IM-1
RS.IM-2
RS.RP-1
RC.CO-3
RC.IM-2
RC.RP-1

PF v1.0 References:

ID.BE-P1
PR.PO-P3
PR.PO-P7
PR.DS-P4

Control Statement

A consistent unified framework for business continuity planning and plan development shall be established, documented, and adopted to ensure all business continuity plans are consistent in addressing priorities for testing, maintenance, and information security requirements.

Requirements for business continuity plans include the following:

Defined purpose and scope, aligned with relevant dependencies
Accessible to and understood by those who will use them
Owned by a named person(s) who is responsible for their review, update, and approval
Defined lines of communication, roles, and responsibilities
Detailed recovery procedures, manual work-around, and reference information
Method for plan invocation

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4