CP-05 Contingency Plan Update

Control: The organization reviews the contingency plan for the information system [Assignment: organization-defined frequency, at least annually] and revises the plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing.

Supplemental Guidance: Organizational changes include changes in mission, functions, or business processes supported by the information system. The organization communicates changes to appropriate organizational elements responsible for related plans (e.g., Business Continuity Plan, Disaster Recovery Plan, Continuity of Operations Plan, Business Recovery Plan, Incident Response Plan, Emergency Action Plan).

Control Enhancements: (0) None.

Baseline: LOW CP-5 MOD CP-5 HIGH CP-5

Family: Contingency Planning

Class: Operational

ISO 17799 mapping: 14.1.3, 14.1.5

COBIT 4.1 mapping: DS4.4

PCI-DSS v2 mapping: 12.9.6