Content library
NIST Cybersecurity Framework
PR.IP-10: Response and recovery plan tests

How to fill the requirement

NIST Cybersecurity Framework

PR.IP-10: Response and recovery plan tests

Task name
Priority
Status
Theme
Policy
Other requirements
Testing and reviewing continuity plans related to cyber security breaches
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
requirements

Task is fulfilling also these other security requirements

PR.IP-10: Response and recovery plan tests
NIST
RS.IM-2: Response strategies update
NIST
RC.IM-2: Recovery strategies
NIST
Article 11: Response and recovery
DORA
2.7: Varautuminen häiriötilanteisiin
TiHL: Tietoturva
1. Task description

The organization must test and update its response to the security breach at scheduled intervals or after significant changes. For critical parts of the organization, operational plans should be tested at least annually. Test results should be documented and communicated to improve the plan.

Regular testing and review of continuity plans
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
requirements

Task is fulfilling also these other security requirements

17.1.3: Verify, review and evaluate information security continuity
ISO27 Full
​​​​​​​ID.SC-5: Response and recovery
NIST
PR.IP-10: Response and recovery plan tests
NIST
RS.IM-2: Response strategies update
NIST
RC.IM-2: Recovery strategies
NIST
1. Task description

The organisation should regularly, at least annually, test and review its information security continuity plans to ensure that they are valid and effective in adverse situations.

Testing of continuity plans shall involve, as appropriate, stakeholders critical to each plan. The organisation should identify and document the necessary contacts with suppliers and partners

In addition, the adequacy of continuity plans and associated management mechanisms should be reassessed in the event of significant changes in operations.

No items found.