Information Assurance - COOP Plan Testing (Incomplete)

From Traditional Security

Part of Information Assurance - COOP Plan Testing (Incomplete)

Associated with IA controls: COMS-1, CODP-1, COTR-1, COAS-2, COPS-2, DCAR-1, DCHW-1, COEF-2, COEF-1, COSW-1, CODP-3, CODB-3, COBR-1, COAS-1, COMS-2, COPS-1, CODP-2, COED-2, CODB-2, COSP-2, COSP-1, COEB-2, COEB-1, COED-1, COPS-3, CODB-1

SV-41051r2_rule Information Assurance - COOP Plan Testing (Incomplete)

Vulnerability discussion

Failure to develop a COOP and test it periodically can result in the partial or total loss of operationsand INFOSEC. A contingency plan is necessary to reduce mission impact in the event of systemcompromise or disaster

Check content

This check is for when a reviewer finds that a COOP process is well established, but it does not include a minority of systems or requirements based on system MAC levels. NOTES: 1. This finding/VUL is only applicable when MAC III level systems are connected to the DISN and do not have a COOP and/or the COOP is not tested and the risk for not having a COOP and/or documented testing is not accepted by the DAA in a risk assessment document. It is NA for MAC I and MAC II systems without a COOP. 2. If this finding/VUL is used then VUL V0030997 is NA. 3. This VUL is applicable in a tactical environment if it involves a fixed facility as previously described.

Fix text

ALL systems connected to the DISN must be included in the enclave COOP documentation and testing. If it is determined that MAC Level III systems connected to the DISN do not need to be included in the COOP (plan and/or testing) then the risk for this must specifically be accepted by the DAA in a risk assessment document.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer