{"id":1171,"date":"2024-07-17T16:32:58","date_gmt":"2024-07-17T16:32:58","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1171"},"modified":"2025-02-13T15:58:18","modified_gmt":"2025-02-13T15:58:18","slug":"cp-4-contingency-plan-testing","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/contingency-planning-cp\/cp-4-contingency-plan-testing\/","title":{"rendered":"CP-4: Contingency Plan Testing"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">CP-4: Contingency Plan Testing<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: &nbsp;<\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By: &nbsp;<\/strong>01\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>TAMUS Required By:<\/strong> &nbsp;08\/01\/2022&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: \u00a0<\/strong>02\/13\/2025<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>Backup and recovery procedures documented in Disaster Recovery Plans will be tested periodically and the overall Disaster Recovery Plan will be tested at least annually in accordance with Texas Department of Information Resources (DIR) Security Control Standards.&nbsp;&nbsp;\n<ul class=\"wp-block-list\">\n<li>Annual tests are required for High Impact Information Resources in accordance with <a href=\"https:\/\/policies.tamus.edu\/29-01-03.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Texas A&amp;M University System (TAMUS) Regulation 29.01.03, Information Security<\/a>.&nbsp; Any additional testing requirements for otherwise Low or Moderate Impact Information Resources is at the discretion of the Tarleton Chief Information Officer (CIO)&nbsp;and\/or Chief Information Security Officer (CISO).&nbsp;&nbsp;<\/li>\n\n\n\n<li>The contingency plan will be tested annually through a tabletop exercise and a full interruption of a high impact, on-premise service will be tested at least every three years, in accordance with <a href=\"https:\/\/cyber.tamus.edu\/catalog\/cp\/cp-04\/\" data-type=\"link\" data-id=\"https:\/\/cyber.tamus.edu\/catalog\/cp\/cp-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">TAMUS Control CP-4, Contingency Plan Testing<\/a><\/li>\n\n\n\n<li>Testing methods can include, but are not limited to:&nbsp;\n<ul class=\"wp-block-list\">\n<li>Virtual (e.g. table-top) tests&nbsp;<\/li>\n\n\n\n<li>Actual events&nbsp;or simulations<\/li>\n\n\n\n<li>Risk assessments (that include testing)&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Information resource owners or their designees, in coordination with the Tarleton CISO, are responsible for ensuring that the recovery and reconstitution procedures are tested.&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Lessons learned from testing, training, or actual contingency activities will be documented and incorporated into the Disaster Recovery Plan and training. See <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/awareness-and-training-at\/at-3-role-based-training\/\" data-type=\"page\" data-id=\"1071\">Control AT-3, Role-Based Training<\/a> for additional information.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Test results will be sent to the Tarleton CIO for review.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Corrective actions from the review of the test report will be sent to information resource custodian(s) for action. Updates to the Disaster Recovery Plan and procedures for backup and recovery will be made, if necessary.&nbsp;<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\">References\/Additional Resources<\/h3>\n\n\n\n<p><a href=\"https:\/\/policies.tamus.edu\/29-01-03.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">TAMUS Regulation 29.01.03, Information Security<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CP-4: Contingency Plan Testing NIST Baseline: &nbsp;Low&nbsp; DIR Required By: &nbsp;01\/20\/2023&nbsp; TAMUS Required By: &nbsp;08\/01\/2022&nbsp; Review Date: \u00a002\/13\/2025 References\/Additional Resources TAMUS Regulation 29.01.03, Information Security<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":1394,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1171","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 1 year ago"},"absolute_dates":{"created":"Posted on July 17, 2024","modified":"Updated on February 13, 2025"},"absolute_dates_time":{"created":"Posted on July 17, 2024 4:32 pm","modified":"Updated on February 13, 2025 3:58 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1171"}],"version-history":[{"count":4,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1171\/revisions"}],"predecessor-version":[{"id":2652,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1171\/revisions\/2652"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1394"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=1171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}