ID.BE-4: Dependencies and critical functions for delivery of critical services are established
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Related Controls
NIST Special Publication 800-53 Revision 5
CP-2: Contingency Plan
Develop a contingency plan for the system that: Identifies essential mission and business functions and associated contingency requirements; Provides recovery objectives, restoration priorities, and metrics; Addresses contingency roles, responsibilities, assigned individuals with contact information; Addresses maintaining essential mission and business functions despite a system disruption, compromise, or failure; Addresses eventual, full system restoration without deterioration…
CP-8: Telecommunications Services
Establish alternate telecommunications services, including necessary agreements to permit the resumption of [Assignment: organization-defined system operations] for essential mission and business functions within [Assignment: organization-defined time period] when the primary telecommunications capabilities are unavailable at either the primary or alternate processing or storage sites.
PE-9: Power Equipment and Cabling
Protect power equipment and power cabling for the system from damage and destruction.
PE-11: Emergency Power
Provide an uninterruptible power supply to facilitate [Assignment (one or more): an orderly shutdown of the system, transition of the system to long-term alternate power] in the event of a primary power source loss.
PM-8: Critical Infrastructure Plan
Address information security and privacy issues in the development, documentation, and updating of a critical infrastructure and key resources protection plan.
RA-9: Criticality Analysis
Identify critical system components and functions by performing a criticality analysis for [Assignment: organization-defined systems, system components, or system services] at [Assignment: organization-defined decision points in the system development life cycle].
SA-20: Customized Development of Critical Components
Reimplement or custom develop the following critical system components: [Assignment: organization-defined critical system components].
SR-2: Supply Chain Risk Management Plan
Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal of the following systems, system components or system services: [Assignment: organization-defined systems, system components, or system services]; Review and update the supply chain risk management plan [Assignment: organization-defined frequency] or as…
Cloud Controls Matrix v3.0.1
BCR-01: Business Continuity Planning
A consistent unified framework for business continuity planning and plan development shall be established, documented, and adopted to ensure all business continuity plans are consistent in addressing priorities for testing, maintenance, and information security requirements. Requirements for business continuity plans include the following: Defined purpose and scope, aligned with relevant dependencies Accessible to and understood…
BCR-03: Datacenter Utilities / Environmental Conditions
Data center utilities services and environmental conditions (e.g., water, power, temperature and humidity controls, telecommunications, and internet connectivity) shall be secured, monitored, maintained, and tested for continual effectiveness at planned intervals to ensure protection from unauthorized interception or damage, and designed with automated fail-over or other redundancies in the event of planned or unplanned disruptions.
BCR-08: Equipment Power Failures
Protection measures shall be put into place to react to natural and man-made threats based upon a geographically-specific business impact assessment.
NIST Special Publication 800-53 Revision 4
CP-8: Telecommunications Services
The organization establishes alternate telecommunications services including necessary agreements to permit the resumption of [Assignment: organization-defined information system operations] for essential missions and business functions within [Assignment: organization-defined time period] when the primary telecommunications capabilities are unavailable at either the primary or alternate processing or storage sites.
PE-9: Power Equipment And Cabling
The organization protects power equipment and power cabling for the information system from damage and destruction.
PE-11: Emergency Power
The organization provides a short-term uninterruptible power supply to facilitate [Selection (one or more): an orderly shutdown of the information system; transition of the information system to long-term alternate power] in the event of a primary power source loss.
PM-8: Critical Infrastructure Plan
The organization addresses information security issues in the development, documentation, and updating of a critical infrastructure and key resources protection plan.
SA-14: Criticality Analysis
The organization identifies critical information system components and functions by performing a criticality analysis for [Assignment: organization-defined information systems, information system components, or information system services] at [Assignment: organization-defined decision points in the system development life cycle].