
CP-4 Contingency Plan Testing And Exercises

PBMM (P3)
Secret (P3)
Operational

Control Description

(A) The organization tests the contingency plan for the information system [organization-defined frequency] using [organization-defined tests] to determine the effectiveness of the plan and the organizational readiness to execute the plan.

(B) The organization reviews the contingency plan test results.

(C) The organization initiates corrective actions, if needed.

Supplemental Guidance

Methods for testing contingency plans to determine the effectiveness of the plans and to identify potential weaknesses in the plans include, for example, walk-through and tabletop exercises, checklists, simulations (parallel, full interrupt), and comprehensive exercises. Organizations conduct testing based on the continuity requirements in contingency plans and include a determination of the effects on organizational operations, assets, and individuals arising due to contingency operations. Organizations have flexibility and discretion in the breadth, depth, and timelines of corrective actions.

Related controls: CP-2, CP-3, IR-3

Profile-Specific Parameters

(A) frequency [at a frequency no longer than annually]
