CP-03 Contingency Training
Control: The organization trains personnel in their contingency roles and responsibilities with respect to the information system and provides refresher training [Assignment: organization- defined frequency, at least annually].
Supplemental Guidance: None.
Control Enhancements:
(1) The organization incorporates simulated events into contingency training to facilitate effective response by personnel in crisis situations.
(2) The organization employs automated mechanisms to provide a more thorough and realistic training environment.
Baseline: LOW Not Selected MOD CP-3 HIGH CP-3 (1)
Family: Contingency Planning
Class: Operational
ISO 17799 mapping: 14.1.3, 14.1.4
COBIT 4.1 mapping: DS4.6
PCI-DSS v2 mapping: 12.9.4