NIST 800-53 REV 5 • CONTINGENCY PLANNING

CP-10(4)Restore Within Time Period

Provide the capability to restore system components within {{ insert: param, cp-10.04_odp }} from configuration-controlled and integrity-protected information representing a known, operational state for the components.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Restoration of system components includes reimaging, which restores the components to known, operational states.

Practitioner Notes

This enhancement requires you to restore system functionality within a defined time period — your recovery must meet your documented Recovery Time Objectives.

Example 1: Define and document RTOs in your contingency plan — for example, Active Directory within 2 hours, email within 4 hours, ERP within 8 hours — and test to verify you can meet them.

Example 2: Configure Azure Site Recovery with recovery plans that automate the startup sequence and have been tested to complete within your defined RTO targets.

More Contingency Planning Controls

CP-1 Policy and Procedures CP-2 Contingency Plan CP-2(1) Coordinate with Related Plans CP-2(2) Capacity Planning