Business Continuity

Recover (RC)

Ensure business continuity through incident recovery.

9 of 9 frameworks cover this control

Framework Mappings

How Business Continuity maps to each of the 6 cybersecurity frameworks tracked by ControlMap.

| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | RC.RP-03, RC.RP-04 |
| ISO 27001 | Covered | A.5.29, A.5.30 |
| CIS v8 | Covered | CIS 11.3, CIS 11.4 |
| SOC 2 | Covered | A1.1, A1.2, A1.3 |
| PCI DSS | Covered | 12.10.1 |
| CMMC | Covered | RE.L2-3.8.9 |
| 800-53 | Covered | CP-2, CP-6, CP-7 |
| HIPAA | Covered | §164.308(a)(7)(i), §164.308(a)(7)(ii)(C) |
| GDPR | Covered | Art.32(1)(b), Art.32(1)(c) |

About Business Continuity

Business Continuity is a cybersecurity control in the Recover domain. Its objective is to ensure business continuity through incident recovery. Business continuity planning ensures that critical organizational functions can continue operating during and after a cybersecurity incident, natural disaster, or other disruptive event. This involves conducting a business impact analysis (BIA) to identify critical processes and their maximum tolerable downtime, establishing alternate processing facilities or failover capabilities, and defining communication procedures for continuity activation. Business continuity plans should be integrated with disaster recovery and incident response plans, tested through regular exercises, and updated whenever significant changes occur in business operations or technology infrastructure.

This control is recognized by 9 of the 6 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all of these frameworks.