ISCP Review of Recovery

[gary-fallon]

Description

The Recovery in Section 4 needs to be reviewed and updated.

Tasks

The following tasks must be reviewed and completed as necessary.

• [ ] In Section 4.1, the sequence of recovery activities may be correct, but supporting documentation is necessary. These SOPs need to be detailed and available to the recovery teams.
• [ ] In Section 4.2, Appendix C is non-compliant. The recovery procedures should include "keystroke-level recovery steps."
• [ ] In Section 4.3, Appendix D is non-compliant. If there are no procedures, this should be noted.
• [ ] In Section 4.4, no conditions outside those provided in the template are listed. The procedures for notification are listed, but no steps are provided. Is this referenced elsewhere?

Acceptance

The following tasks must be completed before this issue can be considered done.

• [x] Review for accuracy and completeness.

[alyssagallion]

Looping in @jhouse-solvd @ph-One @ericboehs and @npeterson54 to collaborate

[gary-fallon]

This item might require additional user stories once the tasks have been reviewed.

[gary-fallon]

I will be drafting the BIA and ISCP based on a new definition of the FISMA authorization boundary that includes all VFS applications.

[alyssagallion]

During our Gap Analysis, we realized that the System Security Plan (SSP) was incorrect. We have since updated it, presented it to the ISSO and Ray Wang is now reviewing the associated tickets he needs to approve. Once those are reviewed and approved, @ScottCutlip will continue the work on SSP.

SSP is blocking BIA work and BIA work must be completed prior to ISCP work being done. Blocked.

[jhouse-solvd]

Please see the parent epic for a recent update.

Moving to review.

[jhouse-solvd]

The ISCP has been updated w/ the most recent info.

Please see the parent epic (#53216) for future updates and follow-up issues.

Closing.