NIST 800-53 REV 5 • CONTINGENCY PLANNING
CP-4(1) — Coordinate with Related Plans
Coordinate contingency plan testing with organizational elements responsible for related plans.
Supplemental Guidance
Plans related to contingency planning for organizational systems include Business Continuity Plans, Disaster Recovery Plans, Continuity of Operations Plans, Crisis Communications Plans, Critical Infrastructure Plans, Cyber Incident Response Plans, and Occupant Emergency Plans. Coordination of contingency plan testing does not require organizations to create organizational elements to handle related plans or to align such elements with specific plans. However, it does require that if such organizational elements are responsible for related plans, organizations coordinate with those elements.
Practitioner Notes
This enhancement requires your contingency plan tests to be coordinated with tests of related plans — incident response, business continuity, and others.
Example 1: Schedule your contingency plan test on the same day as your incident response exercise to practice how both teams coordinate when a security incident causes a system outage.
Example 2: Coordinate your IT disaster recovery test with your facilities team's building evacuation drill to simulate a scenario in which systems and physical access are lost at the same time.