NIST 800-53 REV 5 • CONTINGENCY PLANNING

CP-2(7)Coordinate with External Service Providers

Coordinate the contingency plan with the contingency plans of external service providers to ensure that contingency requirements can be satisfied.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

When the capability of an organization to carry out its mission and business functions is dependent on external service providers, developing a comprehensive and timely contingency plan may become more challenging. When mission and business functions are dependent on external service providers, organizations coordinate contingency planning activities with the external entities to ensure that the individual plans reflect the overall contingency needs of the organization.

Practitioner Notes

This enhancement requires coordination with external service providers as part of your contingency planning — your plan must account for their capabilities and limitations.

Example 1: Review your Microsoft 365 and Azure SLAs to understand what Microsoft guarantees during an outage and build your contingency plan around those commitments.

Example 2: Include your ISP's emergency contact information and SLA terms in your contingency plan, along with procedures for activating backup internet connections.

More Contingency Planning Controls

CP-1 Policy and Procedures CP-2 Contingency Plan CP-2(1) Coordinate with Related Plans CP-2(2) Capacity Planning