COEF-2

COEF-2 Identification of Essential Functions

Overview

Mission and business-essential functions are identified for priority restoration planning along with all assets supporting mission or business-essential functions (e.g., computer-based services, data and applications, communications, physical infrastructure).

MAC / CONF	Impact	Subject Area
MACI MACII	Medium	Continuity

Details

Threat
Although many threats and vulnerabilities can be mitigated, some threats cannot be prevented. Therefore, it is important to be prepared and minimize the impact of an emergency by identifying and prioritizing mission and business essential functions along with all supporting assets (e.g., computer-based services, data and applications, communications, physical infrastructure).

Guidance
1. Mission and business-essential functions shall be identified for priority restoration planning along with all assets supporting mission or business-essential functions (e.g., computer-based services, data and applications, communications, physical infrastructure), and the results shall be documented in a contingency plan. 2. Business process managers and accountable executives shall be involved in the identification of essential functions for which disruption will result in significant financial and/or operational losses. 3. The prioritized restoration plan shall be periodically reviewed and updated.

Guidance

1. Mission and business-essential functions shall be identified for priority restoration planning along with all assets supporting mission or business-essential functions (e.g., computer-based services, data and applications, communications, physical infrastructure), and the results shall be documented in a contingency plan.
2. Business process managers and accountable executives shall be involved in the identification of essential functions for which disruption will result in significant financial and/or operational losses.
3. The prioritized restoration plan shall be periodically reviewed and updated.

References

OMB Circular A–130, Revised (Transmittal Memorandum No. 4), Appendix III, Security of Federal Automated Information Resources, November 2000
Presidential Decision Directive 67, Enduring Constitutional Government and Continuity of Government Operations, October 1998.
NIST SP 500-170, Management Guide to Protection of Information Resources, October 1989
CJCSM 6510.01 Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 25 March 2003
NIST SP 800-34, Contingency Planning Guide for Information Technology Systems, June 2002
FIPS Publication 87, Guidelines for ADP Contingency Planning, March 1981
DoDI 3020.39, Integrated Continuity Planning for Defense Intelligence, 03 August 2001
DoDD 3020.36, Assignment of National Security Emergency Preparedness Responsibilities to DoD Components, 02 November 1988
DoDD 3020.26, Defense Continuity Program, 08 September 2004
DoDD 5137.1, Assistant Secretary of Defense for Command, Control, Communications, and Intelligence, 12 February 1992
DoD 8910.1-M, DoD Procedures for Management of Information Requirements, 30 June 1998