Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
MIL1 requirements
a. Continuity plans are developed to sustain and restore operation of the function if a cybersecurity event or incident occurs, at least in an ad hoc manner
b. Data backups are available and tested, at least in an ad hoc manner
c. IT and OT assets requiring spares are identified, at least in an ad hoc manner
MIL2 requirements
d. Continuity plans address potential impacts from cybersecurity incidents
e. The assets and activities necessary to sustain minimum operations of the function are identified and documented in continuity plans
f. Continuity plans address IT, OT, and information assets that are important to the delivery of the function, including the availability of backup data and replacement, redundant, and spare IT and OT assets
g. Recovery time objectives (RTOs) and recovery point objectives (RPOs) for assets that are important to the delivery of the function are incorporated into continuity plans
h. Cybersecurity incident criteria that trigger the execution of continuity plans are established and communicated to incident response and continuity management personnel
i. Continuity plans are tested through evaluations and exercises periodically and according to defined triggers, such as system changes and external events
j. Cybersecurity controls protecting backup data are equivalent to or more rigorous than controls protecting source data
k. Data backups are logically or physically separated from source data
l. Spares for selected IT and OT assets are available
MIL3 requirements
m. Continuity plans are aligned with identified risks and the organization’s threat profile (THREAT-2e) to ensure coverage of identified risk categories and threats
n. Continuity plan exercises address higher priority risks
o. The results of continuity plan testing or activation are compared to recovery objectives, and plans are improved accordingly
p. Continuity plans are periodically reviewed and updated
Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
MIL1 requirements
a. Continuity plans are developed to sustain and restore operation of the function if a cybersecurity event or incident occurs, at least in an ad hoc manner
b. Data backups are available and tested, at least in an ad hoc manner
c. IT and OT assets requiring spares are identified, at least in an ad hoc manner
MIL2 requirements
d. Continuity plans address potential impacts from cybersecurity incidents
e. The assets and activities necessary to sustain minimum operations of the function are identified and documented in continuity plans
f. Continuity plans address IT, OT, and information assets that are important to the delivery of the function, including the availability of backup data and replacement, redundant, and spare IT and OT assets
g. Recovery time objectives (RTOs) and recovery point objectives (RPOs) for assets that are important to the delivery of the function are incorporated into continuity plans
h. Cybersecurity incident criteria that trigger the execution of continuity plans are established and communicated to incident response and continuity management personnel
i. Continuity plans are tested through evaluations and exercises periodically and according to defined triggers, such as system changes and external events
j. Cybersecurity controls protecting backup data are equivalent to or more rigorous than controls protecting source data
k. Data backups are logically or physically separated from source data
l. Spares for selected IT and OT assets are available
MIL3 requirements
m. Continuity plans are aligned with identified risks and the organization’s threat profile (THREAT-2e) to ensure coverage of identified risk categories and threats
n. Continuity plan exercises address higher priority risks
o. The results of continuity plan testing or activation are compared to recovery objectives, and plans are improved accordingly
p. Continuity plans are periodically reviewed and updated
In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.
Sets the overall compliance standard or regulation your organization needs to follow.
.svg)
.svg)
.svg)
Break down the framework into specific obligations that must be met.
.svg)
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.
