Back

Include the system description in the continuity plan.


CONTROL ID
16241
CONTROL TYPE
Systems Continuity
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a continuity plan., CC ID: 00752

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Identification of Cranking Paths and initial switching requirements between each Blackstart Resource and the unit(s) to be started. (B. R1. 1.5., North American Electric Reliability Corporation Emergency Preparedness and Operations Reliability Standards - System Restoration from Blackstart Resources EOP-005-3)
  • Identification of each Blackstart Resource and its characteristics including but not limited to the following: the name of the Blackstart Resource, location, megawatt and megavar capacity, and type of unit. (B. R1. 1.4., North American Electric Reliability Corporation Emergency Preparedness and Operations Reliability Standards - System Restoration from Blackstart Resources EOP-005-3)
  • System description. It is necessary to include a general description of the information system addressed by the contingency plan. The description should include the information system architecture, location(s), and any other important technical considerations. An input/output (I/O) diagram and syste… (§ 4.1 ¶ 3 Bullet 1, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))
  • Mainframes require different contingency strategies from distributed systems because data is stored in a single location. Contingency strategies should emphasize the mainframe's data storage capabilities and underlying architecture. Redundant system components are critical to ensure that a failure o… (§ 5.4.2 ¶ 1, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))
  • Document systems configurations and vendors. Document the server architecture and the configurations of its various components. In addition, the contingency plan should identify vendors and model specifications to facilitate rapid equipment replacement after a disruption. (§ 5.2.1 ¶ 3 Bullet 2, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))
  • System configuration and hardware component descriptions (Agency Management, Information Technology Organization ¶ 1 Bullet 1, Policy 673: Backup and Recovery, 673-00)
  • identify documents, data, facilities, infrastructure, services, personnel and competencies essential to the continued operations of the covered entity's business; (§ 500.16 Incident Response and Business Continuity Management (a)(2)(i), New York Codes, Rules and Regulations, Title 23, Chapter 1, Part 500 Cybersecurity Requirements for Financial Services Companies, Second Amendment)