NIST 800-53 CP-10 Mappings

Recovery is executing contingency plan activities to restore organizational mission and business functions. Reconstitution takes place following recovery and includes activities for returning systems to fully operational states. Recovery and reconstitution operations reflect mission and business priorities; recovery point, recovery time, and reconstitution objectives; and organizational metrics consistent with contingency plan requirements. Reconstitution includes the deactivation of interim system capabilities that may have been needed during recovery operations. Reconstitution also includes assessments of fully restored system capabilities, reestablishment of continuous monitoring activities, system reauthorization (if required), and activities to prepare the system and organization for future disruptions, breaches, compromises, or failures. Recovery and reconstitution capabilities can include automated mechanisms and manual procedures. Organizations establish recovery time and recovery point objectives as part of contingency planning.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CP-10 System Recovery and Reconstitution Protects T1486 Data Encrypted for Impact
CP-10 System Recovery and Reconstitution Protects T1491 Defacement
CP-10 System Recovery and Reconstitution Protects T1491.001 Internal Defacement
CP-10 System Recovery and Reconstitution Protects T1491.002 External Defacement
CP-10 System Recovery and Reconstitution Protects T1565 Data Manipulation
CP-10 System Recovery and Reconstitution Protects T1565.001 Stored Data Manipulation
CP-10 System Recovery and Reconstitution Protects T1561.002 Disk Structure Wipe
CP-10 System Recovery and Reconstitution Protects T1561.001 Disk Content Wipe
CP-10 System Recovery and Reconstitution Protects T1561 Disk Wipe
CP-10 System Recovery and Reconstitution Protects T1485 Data Destruction
CP-10 System Recovery and Reconstitution Protects T1490 Inhibit System Recovery