An alternate site is identified that permits the partial restoration of mission or business essential functions.

An alternate site is identified that permits the restoration of all mission or business essential functions.

Procedures are in place assure the appropriate physical and technical protection of the backup and restoration hardware, firmware, and software, such as router tables, compilers, and other security-related system software.

Data backup is performed at least weekly.

Data backup is performed daily, and recovery media are stored off-site at a location that affords protection of the data in accordance with its mission assurance category and confidentiality level.

Data backup is accomplished by maintaining a redundant secondary system, not co-located, that can be activated without loss of data or disruption to the operation.

A disaster plan exists that provides for the partial resumption of mission or business essential functions within 5 days of activation. (Disaster recovery procedures include business recovery plans, system contingency plans, facility disaster recovery plans, and plan acceptance.)

A disaster plan exists that provides for the resumption of mission or business essential functions within 24 hours of activation. (Disaster recovery procedures include business recovery plans, system contingency plans, facility disaster recovery plans, and plan acceptance.)

A disaster plan exists that provides for the smooth transfer of all mission or business essential functions to an alternate site for the duration of an event with little or no loss of operational continuity. (Disaster recovery procedures include business recovery plans, system contingency plans, facility disaster recovery plans, and plan acceptance.)

Enclave boundary defense at the alternate site provides security measures equivalent to the primary site.

Enclave boundary defense at the alternate site must be configured identically to that of the primary site.

The continuity of operations or disaster recovery plans are exercised annually.

The continuity of operations or disaster recovery plans or significant portions are exercised semi-annually.

Mission and business essential functions are identified for priority restoration planning.

Mission and business-essential functions are identified for priority restoration planning along with all assets supporting mission or business-essential functions (e.g., computer-based services, data and applications, communications, physical infrastructure).

Maintenance support for key IT assets is available to respond within 24 hours of failure.

Maintenance support for key IT assets is available to respond 24 X 7 immediately upon failure.

Electrical power is restored to key IT assets by manually activated power generators upon loss of electrical power from the primary source.

Electrical systems are configured to allow continuous or uninterrupted power to key IT assets. This may include an uninterrupted power supply coupled with emergency generators.

Electrical systems are configured to allow continuous or uninterrupted power to key IT assets and all users accessing the key IT assets to perform mission or business-essential functions. This may include an uninterrupted power supply coupled with emergency generators or other alternate power source.

Maintenance spares and spare parts for key IT assets can be obtained within 24 hours of failure.

Maintenance spares and spare parts for key IT assets are available 24 X 7 immediately upon failure.

Back-up copies of the operating system and other critical software are stored in a fire rated container or otherwise not collocated with the operational software.

Recovery procedures and technical system features exist to ensure that recovery is done in a secure and verifiable manner. Circumstances that can inhibit a trusted recovery are documented and appropriate mitigating procedures have been put in place.

An annual IA review is conducted that comprehensively evaluates existing policies and processes to ensure procedural consistency and to ensure that they fully support the goal of uninterrupted operations.