CP-10 System Recovery and Reconstitution

LI-SaaS
Low
Moderate
High

>Control Description

Provide for the recovery and reconstitution of the system to a known state within organization-defined time period consistent with recovery time and recovery point objectives after a disruption, compromise, or failure.

>FedRAMP Baseline Requirements

No FedRAMP-specific parameter values or requirements for this baseline.

>Discussion

Recovery is executing contingency plan activities to restore organizational mission and business functions. Reconstitution takes place following recovery and includes activities for returning systems to fully operational states. Recovery and reconstitution operations reflect mission and business priorities; recovery point, recovery time, and reconstitution objectives; and organizational metrics consistent with contingency plan requirements.

Reconstitution includes the deactivation of interim system capabilities that may have been needed during recovery operations. Reconstitution also includes assessments of fully restored system capabilities, reestablishment of continuous monitoring activities, system reauthorization (if required), and activities to prepare the system and organization for future disruptions, breaches, compromises, or failures. Recovery and reconstitution capabilities can include automated mechanisms and manual procedures.

Organizations establish recovery time and recovery point objectives as part of contingency planning.

>Programmatic Queries

Related Services

AWS Backup
CloudFormation
AMI

CLI Commands

List recovery points:
  aws backup list-recovery-points-by-backup-vault --backup-vault-name VAULT_NAME

Check CloudFormation stacks:
  aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE UPDATE_COMPLETE

List AMIs for recovery:
  aws ec2 describe-images --owners self --query 'Images[*].{Id:ImageId,Name:Name,Created:CreationDate}'

Check restore job status:
  aws backup list-restore-jobs --by-status COMPLETED
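
An added example (not part of the original page or of AWS tooling) that takes the JSON returned by the list-recovery-points-by-backup-vault command and reports resources whose newest completed recovery point is older than the recovery point objective. The sample listing, the placeholder ARNs, the 24-hour RPO and the function names parse_ts and rpo_gaps are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the output of
# `aws backup list-recovery-points-by-backup-vault`; ARNs are placeholders.
SAMPLE = json.loads("""
{"RecoveryPoints": [
 {"ResourceArn": "arn:aws:ec2:us-east-1:111122223333:volume/vol-EXAMPLE1",
  "Status": "COMPLETED", "CreationDate": "2024-05-01T05:00:00+00:00"},
 {"ResourceArn": "arn:aws:ec2:us-east-1:111122223333:volume/vol-EXAMPLE1",
  "Status": "COMPLETED", "CreationDate": "2024-05-02T05:00:00+00:00"},
 {"ResourceArn": "arn:aws:rds:us-east-1:111122223333:db:example-db",
  "Status": "COMPLETED", "CreationDate": "2024-04-30T05:00:00+00:00"},
 {"ResourceArn": "arn:aws:dynamodb:us-east-1:111122223333:table/example-table",
  "Status": "PARTIAL", "CreationDate": "2024-05-02T05:00:00+00:00"}
]}
""")

def parse_ts(value):
    """Accept ISO 8601 strings or epoch seconds (depends on CLI timestamp format)."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def rpo_gaps(listing, rpo, now):
    """Map ResourceArn -> age of its newest COMPLETED recovery point, for
    resources that miss the RPO. None means no COMPLETED point exists."""
    newest = {}
    for rp in listing.get("RecoveryPoints", []):
        arn = rp["ResourceArn"]
        newest.setdefault(arn, None)          # remember the resource even if unusable
        if rp.get("Status") != "COMPLETED":   # PARTIAL/EXPIRED points do not count
            continue
        created = parse_ts(rp["CreationDate"])
        if newest[arn] is None or created > newest[arn]:
            newest[arn] = created
    gaps = {}
    for arn, ts in newest.items():
        age = None if ts is None else now - ts
        if age is None or age > rpo:
            gaps[arn] = age
    return gaps

if __name__ == "__main__":
    now = datetime(2024, 5, 2, 6, 0, tzinfo=timezone.utc)  # fixed for the sample
    for arn, age in rpo_gaps(SAMPLE, timedelta(hours=24), now).items():
        print(arn, "no completed recovery point" if age is None else f"newest is {age} old")
```

To run it against a real vault, replace SAMPLE with the parsed output of the command and pass the current UTC time as now.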

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of CP-10 (System Recovery And Reconstitution)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring CP-10?
  • How frequently is the CP-10 policy reviewed and updated, and what triggers policy changes?
  • What governance structure ensures CP-10 requirements are consistently applied across all systems?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce CP-10 requirements.
  • What automated tools, systems, or technologies are deployed to implement CP-10?
  • How is CP-10 integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce CP-10 requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of CP-10?
  • What audit logs, records, reports, or monitoring data validate CP-10 compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of CP-10 effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate CP-10 compliance?
