NIST 800-53 REV 5 • CONTINGENCY PLANNING

CP-2(2) Capacity Planning

Conduct capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Capacity planning is needed because different threats can result in a reduction of the available processing, telecommunications, and support services intended to support essential mission and business functions. Organizations anticipate degraded operations during contingency operations and factor the degradation into capacity planning. For capacity planning, environmental support refers to any environmental factor for which the organization determines that it needs to provide support in a contingency situation, even if in a degraded state. Such determinations are based on an organizational assessment of risk, system categorization (impact level), and organizational risk tolerance.

Practitioner Notes

This enhancement requires capacity planning as part of contingency planning — your backup systems and alternate sites need enough capacity to handle the workload during a disaster.

Example 1: Ensure your Azure Site Recovery or AWS Disaster Recovery environment has enough compute and storage capacity to run your critical workloads at acceptable performance.

Example 2: Document the minimum bandwidth, storage, and processing requirements for each critical system so your alternate site can be properly provisioned before a disaster strikes.