Doc:NIST SP 800-53r3 Appendix F/CP-4
CP-4 CONTINGENCY PLAN TESTING AND EXERCISES
- Control: The organization:
- a. Tests and/or exercises the contingency plan for the information system [Assignment: organization-defined frequency] using [Assignment: organization-defined tests and/or exercises] to determine the plan's effectiveness and the organization's readiness to execute the plan; and
- b. Reviews the contingency plan test/exercise results and initiates corrective actions.
- Supplemental Guidance: There are several methods for testing and/or exercising contingency plans to identify potential weaknesses (e.g., checklist, walk-through/tabletop, simulation: parallel, full interrupt). Contingency plan testing and/or exercises include a determination of the effects on organizational operations and assets (e.g., reduction in mission capability) and individuals arising due to contingency operations in accordance with the plan.
- Control Enhancements: