STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

CP-10

Contingency PlanningRev 5organization

System Recovery and Reconstitution

Baselines:LowModerateHigh

Control Statement

Provide for the recovery and reconstitution of the system to a known state within [Assignment: organization-defined time period consistent with recovery time and recovery point objectives] after a disruption, compromise, or failure.

Supplemental Guidance

Recovery is executing contingency plan activities to restore organizational mission and business functions. Reconstitution takes place following recovery and includes activities for returning systems to fully operational states. Recovery and reconstitution operations reflect mission and business priorities; recovery point, recovery time, and reconstitution objectives; and organizational metrics consistent with contingency plan requirements. Reconstitution includes the deactivation of interim system capabilities that may have been needed during recovery operations. Reconstitution also includes assessments of fully restored system capabilities, reestablishment of continuous monitoring activities, system reauthorization (if required), and activities to prepare the system and organization for future disruptions, breaches, compromises, or failures. Recovery and reconstitution capabilities can include automated mechanisms and manual procedures. Organizations establish recovery time and recovery point objectives as part of contingency planning.

Related Controls (9)

CP-2CP-4CP-6CP-7CP-9IR-4SA-8SC-24SI-13

CCI Identifiers (5)

CCI-000550The organization provides for the recovery and reconstitution of the information system to a known state after a disruption.CCI-000551The organization provides for the recovery and reconstitution of the information system to a known state after a compromise.CCI-000552The organization provides for the recovery and reconstitution of the information system to a known state after a failure.CCI-004028Provide for the recovery and reconstitution of the system to a known state within an organization-defined time-period consistent with recovery time and recovery point objectives after a disruption, compromise, or failure.CCI-004029Defines the time-period consistent with recovery time and recovery point objectives for the recovery and reconstitution of the system.

Linked STIG Checks (1)

Across 1 STIGs. Click to expand.