NIST 800-53 REV 5 • CONTINGENCY PLANNING
CP-10 — System Recovery and Reconstitution
Provide for the recovery and reconstitution of the system to a known state within {{ insert: param, cp-10_prm_1 }} after a disruption, compromise, or failure.
Supplemental Guidance
Recovery is executing contingency plan activities to restore organizational mission and business functions. Reconstitution takes place following recovery and includes activities for returning systems to fully operational states. Recovery and reconstitution operations reflect mission and business priorities; recovery point, recovery time, and reconstitution objectives; and organizational metrics consistent with contingency plan requirements. Reconstitution includes the deactivation of interim system capabilities that may have been needed during recovery operations. Reconstitution also includes assessments of fully restored system capabilities, reestablishment of continuous monitoring activities, system reauthorization (if required), and activities to prepare the system and organization for future disruptions, breaches, compromises, or failures. Recovery and reconstitution capabilities can include automated mechanisms and manual procedures. Organizations establish recovery time and recovery point objectives as part of contingency planning.
Practitioner Notes
System recovery and reconstitution means getting your system back to a fully operational, secure state after a disruption. This goes beyond just restoring data — you need to verify the system is clean and properly configured.
Example 1: Document a step-by-step system recovery runbook that covers restoring from backup, applying current patches, verifying security configurations, and running a STIG compliance scan before returning the system to production.
Example 2: After recovering from a ransomware incident, rebuild affected systems from clean images rather than just restoring files, and run Microsoft Defender full scans before reconnecting to the network.