{"id":1167,"date":"2024-07-17T16:28:46","date_gmt":"2024-07-17T16:28:46","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1167"},"modified":"2024-09-06T21:15:02","modified_gmt":"2024-09-06T21:15:02","slug":"cp-2-contingency-plan","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/contingency-planning-cp\/cp-2-contingency-plan\/","title":{"rendered":"CP-2: Contingency Plan"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">CP-2: Contingency Plan<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: &nbsp;<\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By: &nbsp;<\/strong>07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: &nbsp;<\/strong>07\/09\/2024&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>Information resource owners or their designees, in coordination with the Tarleton Chief Information Security Officer (CISO), are responsible for developing and maintaining a contingency plan for High Impact Information Resources. The plan for each system will include:&nbsp;&nbsp;\n<ul class=\"wp-block-list\">\n<li>A plan for maintaining essential mission and business functions despite a system disruption, compromise, or failure to the extent feasible, in accordance with <a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/LA\/htm\/LA.412.htm#412.054:~:text=Sec.%20412.054.%20%20CONTINUITY%20OF%20OPERATIONS%20PLAN.\" target=\"_blank\" rel=\"noreferrer noopener\">Section 412.054 of the Labor Code<\/a>;&nbsp;&nbsp;&nbsp;&nbsp;<\/li>\n\n\n\n<li>A Business Impact Analysis including:&nbsp;&nbsp;\n<ul class=\"wp-block-list\">\n<li>An assessment of the impact and magnitude of loss or harm that will result if a major or catastrophic event happens;&nbsp;<\/li>\n\n\n\n<li>A listing of essential mission and business functions supported by the information resource and any associated contingency requirements.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Recovery time objectives, recovery point objectives, and restoration priorities;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Relevant contact information for organizations or individuals who provide or receive data and support the resource\u2019s infrastructure;&nbsp;&nbsp;<\/li>\n\n\n\n<li>A listing of dependent information resources; and&nbsp;&nbsp;<\/li>\n\n\n\n<li>Recovery procedures for High Impact information if cryptographic keys are lost.&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>A Disaster Recovery Plan as documented in <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/contingency-planning-cp\/cp-10-system-recovery-and-reconstitution\/\" data-type=\"page\" data-id=\"1179\">Control CP-10, System Recovery and Reconstitution<\/a>; and&nbsp;&nbsp;<\/li>\n\n\n\n<li>Steps to coordinate with the Tarleton ITS Security Team and CISO for handling information security incidents.&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Contingency plans must be:&nbsp;&nbsp;\n<ul class=\"wp-block-list\">\n<li>Reviewed and approved by the Tarleton CISO;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Updated periodically by applicable information resource owners and\/or their designees;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Distributed to key personnel; and&nbsp;&nbsp;<\/li>\n\n\n\n<li>Protected from unauthorized disclosure and modification.&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\">References\/Additional Resources<\/h3>\n\n\n\n<p><a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/LA\/htm\/LA.412.htm#412.054:~:text=Sec.%20412.054.%20%20CONTINUITY%20OF%20OPERATIONS%20PLAN.\" target=\"_blank\" rel=\"noreferrer noopener\">Section 412.054, Labor Code<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CP-2: Contingency Plan NIST Baseline: &nbsp;Low&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: &nbsp;07\/09\/2024&nbsp; References\/Additional Resources Section 412.054, Labor Code&nbsp;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":1394,"menu_order":2,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1167","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on July 17, 2024","modified":"Updated on September 6, 2024"},"absolute_dates_time":{"created":"Posted on July 17, 2024 4:28 pm","modified":"Updated on September 6, 2024 9:15 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1167","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1167"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1167\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1394"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=1167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}