COAS-2

COAS-2 Alternate Site Designation

Overview

An alternate site is identified that permits the restoration of all mission or business essential functions.

MAC / CONF	Impact	Subject Area
MACI MACII	High	Continuity

Details

Threat
Environmental disasters, organized disruptions, loss of utilities/services, equipment or system failures, and serious information security incidents are potential events that could disrupt mission or business essential functions. A recovery strategy should be developed to include an alternate site to mitigate the impact of disruptive events.

Guidance
This general implementation guidance is provided for IAMs/IAOs involved in the creation of a system or organizational Continuity of Operations (COOP) plan:Identify an alternate site that has the capability to fully restore mission or business essential functions.Establish a program to ensure comprehensive and effective continuity of full functionality during a broad spectrum of emergencies or situations that may disrupt normal operations (e.g., power failures, damage to facilities caused by storms, fires, flooding, etc.)Ensure that the program includes a strategy to recover and perform full system operations at the alternate facility for an extended period of time.Full restoration of mission or business essential functions at an alternate site shall be based on a business impact analyses that identifies and ranks major information systems and mission-critical applications according to priority and the maximum permissible outage for each.A contingency plan shall be created that identifies mission-essential computing needs to include hardware, software, communication lines, applications, and data. The plan should also include the operators, management, and technical support personnel that will implement the contingency plan.

Guidance

This general implementation guidance is provided for IAMs/IAOs involved in the creation of a system or organizational Continuity of Operations (COOP) plan:Identify an alternate site that has the capability to fully restore mission or business essential functions.Establish a program to ensure comprehensive and effective continuity of full functionality during a broad spectrum of emergencies or situations that may disrupt normal operations (e.g., power failures, damage to facilities caused by storms, fires, flooding, etc.)Ensure that the program includes a strategy to recover and perform full system operations at the alternate facility for an extended period of time.Full restoration of mission or business essential functions at an alternate site shall be based on a business impact analyses that identifies and ranks major information systems and mission-critical applications according to priority and the maximum permissible outage for each.A contingency plan shall be created that identifies mission-essential computing needs to include hardware, software, communication lines, applications, and data. The plan should also include the operators, management, and technical support personnel that will implement the contingency plan.

References

NIST SP 800-12, An Introduction to Computer Security: The NIST Handbook, October 1995
NIST SP 800-34, Contingency Planning Guide for Information Technology Systems, June 2002
DoD Directive 3020.26, Defense Continuity Program, 08 September 2004
DoDI 3020.39, Integrated Continuity Planning for Defense Intelligence, 03 August 2001
CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 25 March 2003, Enclosure D
CNSS Instruction 4009, May 2003, Reference B
NSTISSI 4013, National Training Standard for System Administrators in Information Systems Security, August 1997