Documentation - V-245772

V-245772

Traditional Security Checklist

CAT II

Title

Information Assurance - COOP Plan and Testing (Not in Place for Information Technology Systems or Not Considered in the organizational Holistic Risk Assessment)

Description

<VulnDiscussion>Failure to develop a COOP and test it periodically can result in the partial or total loss of operations and INFOSEC. A contingency plan is necessary to reduce mission impact in the event of system compromise or disaster. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Enclosure C, Paragraphs 15 & 32 NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: CP-2, CP-2(1) through CP-2(8), CP-4, CP-4(1) through CP-4(4), ...

Fix Text (Documentation Requirement)

Continuity of Operations Plans (COOP) must be developed and tested for ALL DODIN connected systems to ensure system and data availability in the event of any type of failure. If no COOP is in place ensure the risk has been (specifically for lack of a COOP) accepted by the responsible Authorizing Official (AO) in a Holistic Risk Assessment of the organization.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel