Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
COED-2 Scheduled Exercises and Drills
Overview
The continuity of operations or disaster recovery plans or significant portions are exercised semi-annually.
| MAC / CONF | Impact | Subject Area |
|---|---|---|
| MACI | Medium | Continuity |
Details
| Threat |
|---|
| Disaster recovery plans are essential for mitigating the effects of emergencies, but without training, the threat of making mistakes during plan execution is high. Exercising disaster recovery plans semi-annually followed by corrections and enhancements improve an organization’s disaster response capabilities. |
| Guidance |
|---|
| 1. The continuity of operations or disaster recovery plans or significant portions shall be exercised semi-annually to ensure plans are complete and viable. 2. The exercises shall be coordinated with management and other key personnel. 3. The exercise, if possible, shall not interrupt normal operations. 4. The results of the exercise shall be recorded and analyzed for improvements and enhancements. |
References
- Presidential Decision Directive 67, Enduring Constitutional Government and Continuity of Government Operations, October 1998
- NIST SP 500-170, Management Guide to Protection of Information Resources, October 1989
- NIST SP 800-34, Contingency Planning Guide for Information Technology Systems, June 2002
- FIPS Publication 87, Guidelines for ADP Contingency Planning, March 1981
- DoDI 3020.39, Integrated Continuity Planning for Defense Intelligence, 03 August 2001
- DoDD 3020.36, Assignment of National Security Emergency Preparedness Responsibilities to DoD Components, 02 November 1988
- DoDD 3020.26, Defense Continuity Program, 08 September 2004
- DoDD 5137.1, Assistant Secretary of Defense for Command, Control, Communications, and Intelligence, 12 February 1992
- DoD 8910.1-M, DoD Procedures for Management of Information Requirements, 30 June 1998
- CJCSM 6510.01 Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 25 March 2003