CP-4(5)

Requirement

Employ [Assignment: organization-defined mechanisms] to [Assignment: organization-defined system or system component] to disrupt and adversely affect the system or system component.

Discussion

Often, the best method of assessing system resilience is to disrupt the system in some manner. The mechanisms used by the organization could disrupt system functions or system services in many ways, including terminating or disabling critical system components, changing the configuration of system components, degrading critical functionality (e.g., restricting network bandwidth), or altering privileges. Automated, on-going, and simulated cyber-attacks and service disruptions can reveal unexpected functional dependencies and help the organization determine its ability to ensure resilience in the face of an actual cyber-attack.

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: Contingency planning policy; procedures addressing system recovery and reconstitution; contingency plan; contingency plan test documentation; contingency plan test results; system security plan; other relevant documents or records].

Interview

[SELECT FROM: Organizational personnel with contingency plan testing responsibilities; organizational personnel with system recovery and reconstitution responsibilities; organizational personnel with information security responsibilities].

Test

[SELECT FROM: Organizational processes for contingency plan testing; mechanisms supporting contingency plan testing].

ID	Assessment Objectives
CP-04(05)	<CP-04(05)_ODP[01] mechanisms> are employed to disrupt and adversely affect the <CP-04(05)_ODP[02] system or system component>.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!