NIST 800-53 REV 5 • CONTINGENCY PLANNING

CP-10(6)Component Protection

Protect system components used for recovery and reconstitution.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Protection of system recovery and reconstitution components (i.e., hardware, firmware, and software) includes physical and technical controls. Backup and restoration components used for recovery and reconstitution include router tables, compilers, and other system software.

Practitioner Notes

This enhancement requires protection of system components that are essential for recovery — if your recovery tools themselves are compromised or destroyed, you cannot recover.

Example 1: Store your recovery tools (restore software, OS installation media, configuration scripts) in a secure, offline location separate from production systems.

Example 2: Maintain offline copies of your Ansible playbooks or Terraform scripts in a secure vault so you can rebuild infrastructure even if your Git repository is compromised.

More Contingency Planning Controls

CP-1 Policy and Procedures CP-2 Contingency Plan CP-2(1) Coordinate with Related Plans CP-2(2) Capacity Planning