CP-3(1): Simulated Events

Control Family:

Contingency Planning

CSF v1.1 References:

CSF v2.0 References:

Baselines:

  • High

Previous Version:

Control Statement

Incorporate simulated events into contingency training to facilitate effective response by personnel in crisis situations.

Supplemental Guidance

The use of simulated events creates an environment for personnel to experience actual threat events, including cyber-attacks that disable websites, ransomware attacks that encrypt organizational data on servers, hurricanes that damage or destroy organizational facilities, or hardware or software failures.