Recovery Planning
Develop and maintain recovery plans.
9 of 9 frameworks cover this control
Framework Mappings
How Recovery Planning maps to each of the 9 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | RC.RP-01 RC.RP-02 |
| ISO 27001 | Covered | A.5.29 A.5.30 |
| CIS v8 | Covered | CIS 11.1 CIS 17.7 |
| SOC 2 | Covered | A1.2 A1.3 |
| PCI DSS | Covered | 12.10.1 |
| CMMC | Covered | RE.L2-3.8.9 |
| 800-53 | Covered | CP-2 CP-10 |
| HIPAA | Covered | §164.308(a)(7)(i) §164.308(a)(7)(ii)(B) |
| GDPR | Covered | Art.32(1)(c) |
About Recovery Planning
Recovery Planning is a cybersecurity control in the Recover domain. Develop and maintain recovery plans. Recovery planning establishes documented procedures for restoring systems, data, and business operations to normal functioning after a cybersecurity incident or disaster. Plans should define recovery priorities based on business impact analysis, specify technical restoration procedures for critical systems, identify required resources and personnel, and include communication templates for stakeholder updates during recovery. Recovery plans must be tested at least annually through tabletop exercises or full-scale recovery drills, with results documented and used to improve the plan's effectiveness.
This control is recognized by 9 of the 9 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all 9 frameworks.