Secure Req 10
Entities that provide and conduct digital identity management functions MUST have established policies and processes in place to maintain their stated assurances for availability of their services.
At a minimum, service providers should have documented policies and processes to address disaster recovery, continuity of business, and denial of service prevention/recovery. See INTEROP-5 (DOCUMENTED PROCESSES).
FFIEC-Business Continuity Planning, Retail Payment System Handbook, and Wholesale Payment System Handbook, E-Banking Handbook, https://www.ffiec.gov/; “IT Handbooks”, at http://ithandbook.ffiec.gov/it-booklets.aspx; ISO 20000-1 (2011) (Part 1: Service management system requirements) and -2 (2012) (Part 2: Guidance on the application of service management systems) 220.127.116.11 & 18.104.22.168; ISO 27002 (2005), Section 14.1; CSA CCM, https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3-0-1/; NIST 800-53-4, Continuity Planning, Incident Response; COBIT V5 DSS04 “Manage Continuity”