Draft FAC Contingency Plan SOP

[ChrisB-16]

In order to meet FAC ATO A&A security control requirements
as a FAC system owner I should document the workflow steps needed to recover or reconstitute the FAC system if any unforeseen circumstances occur, track all details within FAC Contingency Plan SOP .

[ChrisB-16]

• GSA CP Plan template is being updated to track FAC CP details
• Cloud.gov CP security controls are being reviewed & applicable statements will be tracked for FAC inheritance, since FAC is hosted within Cloud.gov
• Additional details are being tracked by FAC operations team, when ready all technical implementation details necessary to help execute a effective CP action plan will be merged within final FAC CP Plan SOP

[mogul]

I was looking around for prior examples of CPs for TTS systems hosted on cloud.gov. I found these references to look at, but I haven't had a chance to delve into them. Please lift anything useful, and thanks for pursuing this!

• https://github.com/GSA/compliance-docs/blob/master/CP-Policy.md
• https://github.com/GSA/datagov-ckan-multi/blob/eff53edb0bef74782895502aa28c4ee547cc5084/_data/opencontrol/components/Data.gov/component.yaml#L1040-L1152
• https://github.com/GSA-TTS/tts-common-controls/blob/main/.github/ISSUE_TEMPLATE/INCIDENT_RESPONSE.md
• https://github.com/cloud-gov/cg-site/blob/main/_docs/ops/contingency-plan.md

[ChrisB-16]

Greetings Bret,

Thanks for details I will review and update the FAC CP accordingly.

https://docs.google.com/document/d/13iu4ZgumcWEemV68ocmcxoJiLMByc3mo/edit

[mogul]

Changing this to a SHOULD since there was no SAR finding.

[danswick]

We're considering this blocked while backup and restore work is ongoing. We also need the system owner to review and sign-off.

[danswick]

This is done. Latest document is on Drive here.