Secure Req 10: Difference between revisions
m (10 revisions imported: Initial Upload of old pages from IDESG Wiki) |
(No difference)
|
Latest revision as of 04:03, 28 June 2018
<< Back to Baseline Functional Requirements Index
SECURE-10. UPTIME
Entities that provide and conduct digital identity management functions MUST have established policies and processes in place to maintain their stated assurances for availability of their services.
SUPPLEMENTAL GUIDANCE
At a minimum, service providers should have documented policies and processes to address disaster recovery, continuity of business, and denial of service prevention/recovery. See INTEROP-5 (DOCUMENTED PROCESSES).
REFERENCES
FFIEC-Business Continuity Planning, Retail Payment System Handbook, and Wholesale Payment System Handbook, E-Banking Handbook, https://www.ffiec.gov/; “IT Handbooks”, at http://ithandbook.ffiec.gov/it-booklets.aspx; ISO 20000-1 (2011) (Part 1: Service management system requirements) and -2 (2012) (Part 2: Guidance on the application of service management systems) 1.6.3.1 & 1.6.3.2, ISO 27002 (2005)- Section 14.1; CSA CCM, https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3-0-1/ , NIST 800-53-4, Continuity Planning, Incident Response; COBIT V5 DSS04 “Manage Continuity”
APPLIES TO ACTIVITIES
REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION, INTERMEDIATION
KEYWORDS
Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |