CP-3(1): Simulated Events

Control Family:

Contingency Planning

Parent Control:

CP-3: Contingency Training

CSF v1.1 References:

PR.AT-5
RS.CO-1

Baselines:

High

Previous Version:

NIST Special Publication 800-53 Revision 4:
CP-3(1): Simulated Events

Control Statement

Incorporate simulated events into contingency training to facilitate effective response by personnel in crisis situations.

Supplemental Guidance

The use of simulated events creates an environment for personnel to experience actual threat events, including cyber-attacks that disable websites, ransomware attacks that encrypt organizational data on servers, hurricanes that damage or destroy organizational facilities, or hardware or software failures.