Overview
Recovery procedures and technical system features exist to ensure that recovery is done in a secure and verifiable manner. Circumstances that can inhibit a trusted recovery are documented and appropriate mitigating procedures have been put in place.
Threat
The integrity of an information system is dependent in large part on the ability to recover system data and functionality in a manner that guarantees its integrity and availability. The absence of trusted recovery mechanisms put the system at risk for data compromise, system software failure, or inability to properly execute mission-essential tasking.
Guidance
1. Recovery procedures and technical system features exist to ensure that recovery shall be done in a secure and verifiable manner.
2. Circumstances that can inhibit a trusted recovery shall be documented and appropriate mitigating procedures have been put in place.
3. Procedures and/or mechanisms shall be provided to assure that, after an ADP system failure or other discontinuity, recovery without a protection compromise is obtained.
DoD classifies this control in the subject area of “Continuity” with a impact of “High”.