Secure Req 10

From IDESG Wiki
Jump to: navigation, search

<< Back to Baseline Functional Requirements Index

SECURE-10. UPTIME

Entities that provide and conduct digital identity management functions MUST have established policies and processes in place to maintain their stated assurances for availability of their services.

SUPPLEMENTAL GUIDANCE

At a minimum, service providers should have documented policies and processes to address disaster recovery, continuity of business, and denial of service prevention/recovery. See INTEROP-5 (DOCUMENTED PROCESSES).

REFERENCES

FFIEC-Business Continuity Planning, Retail Payment System Handbook, and Wholesale Payment System Handbook, E-Banking Handbook, https://www.ffiec.gov/; “IT Handbooks”, at http://ithandbook.ffiec.gov/it-booklets.aspx; ISO 20000-1 (2011) (Part 1: Service management system requirements) and -2 (2012) (Part 2: Guidance on the application of service management systems) 1.6.3.1 & 1.6.3.2, ISO 27002 (2005)- Section 14.1; CSA CCM, https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3-0-1/ , NIST 800-53-4, Continuity Planning, Incident Response; COBIT V5 DSS04 “Manage Continuity”

APPLIES TO ACTIVITIES

REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION, INTERMEDIATION

KEYWORDS

PROCESS, SECURITY, UPTIME



Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |