Disaster Recovery
Plan and execute disaster recovery procedures.
9 of 9 frameworks cover this control
Framework Mappings
How Disaster Recovery maps to each of the 9 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | RC.RP-01 |
| ISO 27001 | Covered | A.5.29, A.5.30 |
| CIS v8 | Covered | CIS 11.1, CIS 11.5 |
| SOC 2 | Covered | A1.2, A1.3 |
| PCI DSS | Covered | 12.10.1 |
| CMMC | Covered | RE.L2-3.8.9 |
| 800-53 | Covered | CP-2, CP-10 |
| HIPAA | Covered | §164.308(a)(7)(ii)(A), §164.308(a)(7)(ii)(B) |
| GDPR | Covered | Art.32(1)(c) |
About Disaster Recovery
Disaster Recovery is a cybersecurity control in the Recover domain. Disaster recovery (DR) provides the technical capabilities and procedures needed to restore IT infrastructure, applications, and data following a catastrophic event such as a ransomware attack, data center outage, or natural disaster. DR planning includes defining recovery time objectives (RTO) and recovery point objectives (RPO) for each critical system, establishing redundant infrastructure or cloud-based failover environments, and documenting step-by-step restoration procedures. Organizations should conduct full DR tests at least annually, including failover to secondary sites, to validate that recovery capabilities meet defined objectives and that staff can execute procedures effectively.
This control is recognized by 9 of the 9 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all 9 frameworks.