• Requirement

    1. Require primary and alternate telecommunications service providers to have contingency plans;
    2. Review provider contingency plans to ensure that the plans meet organizational contingency requirements; and
    3. Obtain evidence of contingency testing and training by providers [Assignment: organization-defined frequency].
  • Discussion

    Reviews of provider contingency plans consider the proprietary nature of such plans. In some situations, a summary of provider contingency plans may be sufficient evidence for organizations to satisfy the review requirement. Telecommunications service providers may also participate in ongoing disaster recovery exercises in coordination with the Department of Homeland Security and state and local governments. Organizations may use these types of activities to satisfy evidentiary requirements related to service provider contingency plan reviews, testing, and training.

More Info

  • Title

    Telecommunications Services | Provider Contingency Plan
  • Family

    Contingency Planning
  • NIST 800-53B Baseline(s)

    • High
  • Related NIST 800-53 ID


NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!