10.8.62 Information System Contingency Plan (ISCP) and Disaster Recovery (DR) Test, Training, and Exercise (TT&E) Process

Manual Transmittal

November 22, 2019

Purpose

(1) This transmits the revised Internal Revenue Manual (IRM) 10.8.62, Information Technology (IT) Security, Information System Contingency Plan (ISCP) and Disaster Recovery (DR) Test, Training, and Exercise (TT&E) Program.

Material Changes

(1) The following sections have been updated/clarified with this version of policy:

  1. Background: Section removed from Manual Transmittal and added to 10.8.62.1.3 to align with Service-wide Policy, Directives and Electronic Research (SPDER) requirements.

  2. IRM 10.8.62.1, Program Scope and Objectives: Section title updated to match SPDER requirements.

  3. IRM 10.8.62.1.1, Scope: Section relocated to align with Security Policy boilerplate.

  4. IRM 10.8.62.1.2, Objectives: Section retitled to match SPDER requirements.

  5. IRM 10.8.62.1.3, Background: New section added per SPDER boilerplate, moved from manual transmittal.

  6. IRM 10.8.62.3.1.1.5, Table Top Exercises: New controls added.

  7. IRM 10.8.62.3.1.1.6, Functional Exercises: New controls added.

  8. IRM 10.8.62.3.1.1.7, DR Test: New controls added.

  9. IRM 10.8.62.3.1.3.1, Table Top Exercises: New controls added.

  10. IRM 10.8.62.3.1.3.3, DR Test: New controls added.

  11. Exhibit 10.8.62-1, ISCP & DR Testing Checklist: Updated links.

  12. Exhibit 10.8.62-2, ISCP Functional Exercise Methodology and Procedures: Updated requirements and links.

  13. Exhibit 10.8.62-3, Glossary and Acronyms: Added acronyms and definitions.

  14. Exhibit 10.8.62-5, References: Updated references.

(2) Editorial changes (including grammar, spelling, and minor clarification) were made throughout the IRM.

Effect on Other Documents

IRM 10.8.62 dated September 4, 2015, is superseded. This IRM supersedes all prior versions of IRM 10.8.62. This IRM supplements IRM 10.8.1, Information Technology (IT) Security Policy and Guidance, and IRM 10.8.2, Information Technology Security Roles and Responsibilities. This IRM also supplements IRM 10.8.60.

Audience

IRM 10.8.62 shall be distributed to all personnel responsible for ensuring that ISCPs or DR plans and procedures are exercised and/or tested to determine the capability of the IRS to recover and restore its systems in the event of a disruption, disaster, or catastrophe. This policy applies to all employees, contractors, and vendors of the IRS.

Effective Date

(11-22-2019)

Nancy Sieger
Acting Chief Information Officer

Program Scope and Objectives

  1. This IRM augments the security controls as defined in IRM 10.8.60, IT Service Continuity Management (ITSCM) Policy and Guidance to ensure Internal Revenue Service (IRS) information technology (IT) resources and business processes can be recovered.

Scope

  1. This IRM covers the methodology that can be applied to tabletop exercise events built around any type of information system-related plan, including, but not limited to, contingency and disaster recovery plans.

    1. Per IRM 10.8.60, IT Service Continuity Management (ITSCM) Policy and Guidance and the guidance listed in the References section, the IRS shall exercise or test Information System Contingency Plans (ISCPs) and Disaster Recovery (DR) planning documents at least annually, for information systems prescribed by Public Law and the IRS.

    2. Each Federal Information Security Modernization Act (FISMA) year, as defined by FISMA of 2014, the Director of Security Risk Management (SRM) shall issue a program memorandum specific to Information System Contingency Plan (ISCP) and DR testing for that FISMA year. The memorandum shall include any changes in regulations and testing requirements/guidance.

  2. The provisions in this manual apply to:

    1. All offices and business, operating, and functional units within the IRS.

    2. Individuals and organizations having contractual arrangements with the IRS, including employees, contractors, vendors, and outsourcing providers, which use or operate information systems that store, process, or transmit IRS Information or connect to an IRS network or system.

    3. All IRS information and information systems. For information systems that store, process, or transmit classified information, please refer to IRM 10.9.1, National Security Information, for additional procedures for protecting classified information.

  3. The IRS shall ensure that the product and version selected is in accordance with IRS Enterprise Architecture (EA) Enterprise Standards Profile (ESP) that dictates the official products and versions of software within the IRS.

  4. The IRS shall ensure the application or system version is a version for which the vendor still offers standardized technical support.

  5. In the event there is a discrepancy between this policy and IRM 10.8.1, IRM 10.8.1 has precedence, unless the security controls/requirements in this policy are more restrictive.

Objectives

  1. This IRM establishes the minimum baseline security policy and requirements for all IRS IT assets in order to:

    1. Protect the critical infrastructure and assets of the IRS against attacks that exploit IRS assets.

    2. Prevent unauthorized access to IRS assets.

    3. Enable IRS IT computing environments that meet the security requirements of this policy and support the business needs of the organization.

  2. It is acceptable to configure settings to be more restrictive than those defined in this IRM.

  3. Configuring less restrictive controls requires a risk-based decision. See the Risk Acceptance and Risk-Based Decisions (RBD) section within this IRM for additional guidance.

Background

  1. This IRM defines test, training, and exercise processes to ensure that:

    1. Internal Revenue Service (IRS) information systems (IS) resources can be fully recovered in the event that IS contingency or disaster recovery plans must be activated.

    2. Systems and their associated Information Systems Contingency Plans (ISCPs) or disaster recovery (DR) plans and procedures are exercised and/or tested to determine the capability of the IRS to recover and restore its systems in the event of a disruption, disaster, or catastrophe.

  2. FIPS 200 mandates the use of Special Publication 800-53 as baseline for the creation of agency IT security policy.

  3. IRM 10.8.62 is part of the Security, Privacy and Assurance policy family, IRM Part 10 series for IRS Information Technology Cybersecurity.

Authority

  1. IRM 10.8.1, Information Technology (IT) Security, Policy and Guidance, establishes the security program and the policy framework for the IRS.

  2. This IRM augments the security controls as defined in IRM 10.8.60, IT Service Continuity Management (ITSCM) Policy and Guidance to ensure IRS information technology (IT) resources and business processes can be recovered.

Risk Acceptance and Risk-Based Decisions

  1. Any exception to this policy requires that the Authorizing Official (AO) make a Risk-Based Decision (RBD).

  2. Risk-Based Decision requests shall be submitted in accordance with IRM 10.8.1 and use Form 14201, as described in Request for Risk Acceptance and Risk-Based Decision Standard Operating Procedures (SOPs), available on the Enterprise FISMA Compliance SharePoint site via the Risk Acceptance Requests link.

  3. Refer to IRM 10.8.1 for additional guidance about risk acceptance.

Roles and Responsibilities

  1. IRM 10.8.2, Information Technology Security Roles and Responsibilities, defines IRS-wide roles and responsibilities related to IRS information and computer security, and is the authoritative source for such information.

  2. The supplemental requirements provided below are specific to the implementation of Test, Training, and Exercise (TT&E) processes.

Security Risk Management (SRM) Organization

  1. Refer to IRM 10.8.60 for additional guidance on Security Risk Management (SRM) program roles and responsibilities.

  2. SRM Information System Contingency Plan Test (ISCPT) personnel are responsible for:

    1. Implementing an effective TT&E program on behalf of SRM. The program shall include at a minimum the following components:
      i. Developing and preparing processes, templates, schedules, and procedures for exercises and tests.
      ii. Coordinating, with appropriate organizations, all ISCP and DR exercises and tests for FISMA-reportable assets in the FISMA master inventory.
      iii. Documenting ISCP and DR exercise and test results and lessons learned.
      iv. Monitoring ISCP reviews and updates, including:
        • Ensuring that the plan is updated within 30 days or June 1 of the FISMA cycle, whichever comes first.
        • The AO signs the ISCP Testing Checklist, validating the performance of the annual tabletop, functional exercise, and/or DR test, or as major changes are made to the application/system.

    2. Training Business Operating Division (BOD) and IRS IT personnel annually in their responsibilities related to ISCP and DR tests and familiarizing them with the ISCP and DR test processes.

    3. Developing and maintaining a master ISCP and DR testing schedule for all FISMA-reportable assets in the FISMA Master Inventory.

    4. Coordinating with BODs and IRS IT to identify recovery and support personnel needed to participate in planned tests and exercises.

    5. Facilitating tabletop exercises of the ISCP to familiarize contingency personnel with the plan and the recovery procedures within it, and to identify inconsistencies and outdated information within the plan that could affect capabilities to support contingency operations.

    6. Ensuring that all contingency and recovery tests performed by the IRS meet all Federal requirements and follow the standard guidelines set forth by the Director of SRM.

    7. Coordinating with IRS IT personnel and BOD information system staff to ensure that they perform the following tests for all FISMA-reportable applications and systems in the FISMA master inventory, or as directed in the annual SRM program memorandum:
      i. A functional exercise/test of the ISCP for a FISMA-reportable asset with a FIPS 199 LOW or MODERATE categorization.
      ii. A DR test of the ISCP/DR plan for a FISMA-reportable asset with a FIPS 199 HIGH categorization or an asset designated as a Critical Infrastructure Protection (CIP) asset.

    8. Validating that previous ISCP- and DR-related findings are reviewed prior to performing tests and exercises to ensure that testing activities address corrective actions taken for resolution of the findings.

    9. Collaborating with BOD and IRS IT personnel to create DR test cases, scenarios, and milestones, and summarizing all of them in the DR test plan.

    10. Validating that a documented process is in place for creating system and application backup files.

    11. Validating that a documented process is in place for storing backup files at an alternate offsite location, either by electronically transferring them to that designated location or by creating tapes to ship to the alternate offsite storage facility.

    12. Developing and maintaining scorecards/metrics to keep BOD personnel, Security Program Management Officers (PMOs), and Associate Chief Information Officers (ACIOs) informed about the status of annual ISCP exercising/testing progress.

    13. Collaborating with IT representatives to define and document the evidence and artifacts needed to validate testing activities.

    14. Uploading completed exercise/test evidence and documentation to the Treasury FISMA Inventory Management System (TFIMS), uploading the updated ISCPs to TFIMS and to the Toolkit Suite Command Center (TSCC), and recording the completed test dates and ISCP completion dates in TFIMS.

    15. Recording the completed ISCP testing dates and ISCP update completion dates in TFIMS.

    16. Uploading updated ISCPs to TFIMS and the Toolkit Suite Command Center (TSCC).

    17. Maintaining and updating ISCP and DR testing processes, templates, and procedures.

IRS Information Technology (IRS IT) Services Operations

  1. IRS IT operations provides support for all IRS information technology with only documented exceptions. During the ISCP tabletop exercises, DR exercises and DR tests, IRS IT shall:

    1. Support the activities that relate to exercises and tests of the ISCP and procedures.

    2. Perform system backup, rebuild, recovery, reconstitution, cutover, relocation, etc., for systems supported and/or owned by IRS IT.

    3. Provide documented backup procedures to include information about the backup frequency, encryption of backup media, offsite storage, and timelines for receipt of backup media from offsite storage during normal working hours and after hours.

    4. Perform ISCP exercises and DR tests annually for applications and systems supported and/or owned by IRS IT.

    5. Provide resources for ISCP and DR exercises and tests annually for applications and systems supported and/or owned by IRS IT, including staffing and procuring funded backup solutions and equipment for DR tests.

    6. Complete the ISCP & DR Testing Checklist (see Exhibit 10.8.62-1) to report the results of all functional exercises, recovery tests, and operational recoveries of production servers that host applications in the FISMA Master Inventory.

    7. Provide annual recommendations for updates to the ISCP Functional Exercise Methodology and Procedures (see Exhibit 10.8.62-2).

    8. Facilitate planning meetings between various IRS IT and BOD areas in preparation for scheduled DR tests.

    9. Create the schedule of daily exercise activities and milestones in preparation for scheduled DR tests.

    10. Coordinate with appropriate areas when creating DR test scenario and scope.

    11. Coordinate with the Knowledge Incident/Problem Service Asset Management (KISAM) Project Office and Enterprise Service Desk for support and use of the KISAM system during DR tests.

    12. Coordinate with appropriate areas (Cybersecurity, BODs, AD, etc.) to develop a DR test schedule to include necessary FISMA assets.

    13. Facilitate post-DR test meetings with test participants to review issues and resolutions and determine whether any follow-up actions are required by appropriate areas.

    14. Work with appropriate areas to close action items that appear on the Vulnerabilities Matrix.

  2. The appropriate IRS IT organizations responsible for supporting the ISCP shall review, update, exercise, and/or test the ISCP at least annually (or as significant changes occur).

  3. Information system resources owned by Contractors or Vendors on behalf of the IRS and by BODs shall also be compliant with the IRS IT requirements identified within this IRM.

Business Operating Division (BOD) Information System Owners

  1. The BOD/Information System Owner is responsible for:

    1. Ensuring that systems' or applications' ISCPs are exercised and tested annually. (For step-by-step procedures, see the BOD ISCP & DR Testing Job Aid, Exhibit 10.8.62-3.)

    2. Ensuring that the most current version of the ISCP is kept in the TFIMS authoritative repository for FISMA documentation, and that the current plan is used during all ISCP exercises and DR tests.

    3. Reviewing the most current version of the Plan of Action and Milestones (POA&M) prior to performing exercises or tests to identify ISCP- and DR-related issues, both open and recently closed, for inclusion in the current exercise or test to determine if the annual ISCP tests could provide a closing action for the finding.

    4. Completing the ISCP & DR Testing Checklist (see Exhibit 10.8.62-1) prior to tabletop exercises and ensuring that tabletop participants each receive a copy of the completed Checklist for use during the exercise.

    5. Participating in tabletop exercises using the ISCP & DR Testing Checklist (the Checklist) to ensure that systems' or applications' ISCPs are kept current and accurate and that participants validate the roles and procedures documented in the plans.

    6. Providing annual recommendations for updates to the ISCP testing methodology and templates.

    7. Ensuring that the application's/system's AO receives and reviews the results, summary findings, and ISCP changes after tabletop and functional exercises. The AO shall validate that tabletop and functional exercises are completed by signing and dating the ISCP & DR Testing Checklist. The BOD shall then ensure that the changes from the Checklist are incorporated into the ISCP within 90 calendar days from the date the AO signed the Checklist, or June 1, whichever comes first.

    8. Forwarding the completed exercise documentation for uploading into TFIMS to ISCPT.

    9. Performing the IRS IT activities during ISCP exercises and tests for BOD-owned systems and applications that are not supported by IRS IT.

  2. Information system resources owned by Contractors or Vendors on behalf of the IRS shall also be compliant with the IRS IT requirements identified within the IRS IT Operations section in this IRM.

Information System Contingency Plan (ISCP) Coordinator

  1. The ISCP Coordinator, having selected and implemented the backup and system recovery strategies, shall designate appropriate teams to implement the strategy.

IT Security Controls

  1. Refer to IRM 10.8.1 for security control families other than Contingency Planning.

  2. The Contingency Planning controls in IRM 10.8.60 supplement the Contingency Planning requirements defined in IRM 10.8.1.

  3. In addition to the Contingency Planning requirements defined in IRM 10.8.1 and IRM 10.8.60, the contingency planning and disaster recovery test, training, and exercise requirements in the following sections shall apply.

CP – Contingency Planning (CP)

  1. See IRM 10.8.1 and IRM 10.8.60 for additional guidance on Contingency Planning. (IRS-defined)

  2. IRM 10.8.62 satisfies the requirements of this security control with regard to policy.

ISCP and DR Test, Training, and Exercises (TT&E) Requirement

  1. All IRS applications and systems listed in the FISMA master inventory are required to undergo a tabletop exercise of the ISCP annually for all categories of potential impact on availability. (IRS-defined)

  2. In addition to an annual tabletop exercise, applications and systems with a FIPS 199 LOW or MODERATE categorization also require that a functional exercise (described in the Functional Exercises section) be performed annually. (IRS-defined)

  3. Applications and systems that are CIP assets, or systems that have a FIPS 199 HIGH categorization, shall, in addition to the annual tabletop exercise, also undergo testing (described in the DR Tests section) that is equivalent to a DR activity, such as a cutover test or complete restoration of the system. (IRS-defined)

  4. All annual testing and exercises shall be completed during the July 1 through June 30 timeframe each year in order to meet IRS FISMA reporting requirements. (IRS-defined)

  5. For each tabletop exercise activity conducted, the results shall be documented in the ISCP & DR Testing Checklist testing artifact with all changes identified in the exercise. (IRS-defined)

Test, Training, and Exercises (TT&E) Program

  1. Organizations shall develop and operate a testing program in non-disaster situations so that IRS leadership and personnel are familiar with contingency plans and procedures, and to validate the IRS' contingency capabilities through regular tests, training, and exercises. Such a program can also identify issues or deficiencies for remediation. (IRS-defined)

  2. Exercises and tests offer different ways of ensuring that ISCPs provide viable and actionable procedures to recover or restore IRS systems and applications to their original state in the event of a disruption. (IRS-defined)

  3. Steps to establish a Test, Training and Exercise (TT&E) program should include the following: (NIST 800-84: Chapter 2)

    1. Develop TT&E policy

    2. Identify TT&E roles and responsibilities

    3. Establish overall TT&E schedule

    4. Document TT&E methodology for planning and performing TT&E events
      i. Design the event - topic, scope, roles and responsibilities and objectives.
      ii. Develop the event documentation - briefing materials, participant manuals, instructor and facilitator guides, test plans and scripts, and evaluation criteria.
      iii. Conduct the event.
      iv. Evaluate lessons learned from the event.

  4. The following elements should be included in a TT&E policy: (NIST 800-84: Section 2.1)

    • Purpose

    • Effective date

    • Objectives

    • Applicability and scope

    • Authorities and related policies

    • Roles and responsibilities of key business units and staff positions

    • TT&E requirements

    • TT&E review and approval

    • Enforcement and compliance

    • Points of contact for additional information

    • Definition of terms

  5. Refer to National Institute of Standards and Technology (NIST) Special Publication (SP) 800-84, Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities, for guidance on establishing an effective ISCP testing program and the various methods and approaches for conducting exercise activities. (IRS-defined)

  6. All tests and exercises shall include some kind of determination of the effects on the organization’s operations and provide for a mechanism to update and improve the plan as a result. (IRS-defined)

  7. The depth and rigor of ISCP testing activities increase with the FIPS 199 availability security objective. Refer to the ISCP templates (FIPS 199 LOW, MODERATE, and HIGH systems) in NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, for details on conducting testing activities appropriate to the respective impact level. (IRS-defined)

    • For LOW and MODERATE-impact systems, a tabletop and functional exercise shall be conducted annually to ensure that a basic level of recovery capability is available for all IRS FISMA assets. The tabletop should follow a scenario that simulates a disruption, include points of contact whose roles appear in the ISCP, be attended by the business and system owners or responsible authority, and be facilitated by ISCPT personnel. The functional exercise should include an element of system recovery from backup media and is performed by IRS IT or BOD IT personnel on behalf of the BODs.

    • For HIGH-impact systems or Critical Infrastructure Protection assets, a tabletop exercise and a full-scale end-to-end or DR test shall be conducted annually to ensure that a full recovery capability is available for all the most critical IRS FISMA assets. The tabletop should follow a scenario that simulates a disruption, include points of contact whose roles appear in the ISCP, be attended by the business and system owners or responsible authority, and be facilitated by ISCPT personnel. The full-scale test should include a system restoration at the alternate location. This could include additional activities such as full notification and activation of key personnel to the recovery location, recovery of a server or database from backup media or setup, and processing from a server at an alternate location. The test shall also include a full recovery and reconstitution of the information system to a known state.

Information System Contingency Plan (ISCP)

  1. The ISCP shall provide procedures and capabilities for recovering a system or application in the event of an information system disruption. The plan shall address the resources, roles, responsibilities, and procedures for restoration of information systems and recovery of business applications and processes after a disruption. (IRS-defined)

Keystroke Procedures

  1. The keystroke procedures located within the ISCP are an information system-focused part of the plan that applies to major, usually catastrophic, events that deny access to the normal facility or information system for an extended period of time. The plan is designed to restore operability of the target system, application, or computer facility at an alternate site after an emergency. (IRS-defined)

  2. The purpose of the keystroke procedures is to provide detailed step-by-step procedures to facilitate recovery of capabilities at an alternate site; the scope is information system-focused and limited to major disruptions with long-term effects. (IRS-defined)

Exercises

  1. As defined in NIST SP 800-84: (NIST 800-84: Chapter 2)

    1. An exercise is a simulation of an emergency designed to validate the viability of one or more aspects of an ISCP.

    2. Personnel with roles and responsibilities in a particular ISCP meet to validate the content of a plan through discussion of their roles and responses to emergency situations, execution of responses in a simulated operational environment, or other means of validating responses that do not include using the actual operational environment.

    3. Exercises are scenario-driven, such as a power failure in one of the organization’s computing centers or a fire causing certain systems to be damaged, with additional situations often being presented during the course of an exercise.

    4. Exercises help to identify gaps and inconsistencies within ISCPs and procedures, as well as cases where personnel need additional training or when training needs to be changed. The deficiencies identified in exercises are documented as part of the exercise process.

Tabletop Exercises

  1. Tabletop exercises are discussion-based exercises only and do not involve deploying or recovering systems, equipment, or other resources. Personnel meet to discuss their roles during an emergency and their responses to a particular emergency situation. During the tabletop exercise, participants also validate information or procedures in the plan to identify outdated information or procedures in the plan that need to be updated and corrected. (NIST 800-84: Chapter 4)

  2. The need for a tabletop exercise should be evaluated and a schedule should be created. Organizations should conduct tabletop exercises periodically; following organizational changes, updates to an IT plan, or the issuance of new TT&E guidance; or as otherwise needed. Managers should be notified and their approval obtained when a tabletop exercise is being scheduled. (NIST 800-84: Section 4.1)

  3. The topics should be determined. Discussion topics may include the roles and responsibilities of personnel with regard to disaster recovery and incident response. Discussion topics may also include processes and procedures for disaster recovery and incident response. (NIST 800-84: Section 4.2.1)

  4. The scope should be determined. Senior-level teams and operational-level teams should participate in separate tabletop exercises initially because of their different levels of responsibility and then in a combined exercise to validate coordination between the groups. (NIST 800-84: Section 4.2.2)

  5. The objectives of any tabletop exercise are to validate the content of the ISCP and related policies and procedures, validate participants’ roles and responsibilities as documented in the plan, validate the interdependencies documented in the plan, and validate meeting regulatory requirements.

  6. The participants should be identified. (NIST 800-84: Section 4.2.4)

    1. Senior-level personnel should be invited to participate if the primary exercise objective is to validate the decision-making and oversight processes within the plan.

    2. Operational-level personnel should be invited to participate if the primary exercise objective is to validate operational procedures within the plan.

    3. Senior-level and operational-level personnel should be invited in combined exercises to discuss individual and team roles and responsibilities and coordination requirements.

      Note:

      If tabletop exercise participants have not been trained on their roles and responsibilities within the plan prior to the tabletop exercise, the TT&E program coordinator should consider conducting a training event before the tabletop exercise.

  7. The tabletop exercise staff should be identified. (NIST 800-84: Section 4.2.5)

    1. The exercise facilitator leads the discussion among the exercise participants and keeps the discussion focused on the tabletop objectives.

    2. The data collector records information about the actions that occur during the exercise.

      Note:

      The tabletop exercise staff should be thoroughly familiar with the content of the IT plan being exercised, as well as previous related tabletop exercises, in order to assist in mitigation of potential issues.

  8. Logistics should be coordinated. A sample logistics checklist for tabletop exercise events may include the following: (NIST 800-84: Section 4.2.6)

    • Exercise date

    • Location/Conference room

    • Audio/Visual equipment

    • Facilitator and data collector identifications

    • Participant identifications

    • Participant invitations

    • Copies of facilitator and participant guides

    • Name tents

    • Conference room setup

    • Refreshments

    • Backup file copies on removable media

  9. The tabletop exercise material should be developed. (NIST 800-84: Section 4.3)

    1. The briefing comprises agenda and logistics information for participants.

    2. The facilitator guide comprises the following:
      i. The purpose for conducting the exercise
      ii. The exercise’s scope and objectives
      iii. The exercise’s scenario, which is a sequential, narrative account of a hypothetical incident that provides the catalyst for the exercise and is intended to introduce situations that will inspire responses and thus allow demonstration of the exercise objectives
      iv. A list of questions regarding the scenario that address the exercise objectives
      v. A copy of the IT plan being exercised.

      Note:

      Samples of exercise scenarios and related lists of questions are available from NIST SP 800-61, Computer Security Incident Handling Guide, and NIST SP 800-83, Guide to Malware Incident Prevention and Handling.

    3. The participant guide includes the same information as the facilitator guide with a shorter, modified list of questions.

    4. The after action report documents information captured during the exercise. This report provides a means to evaluate how well exercise objectives were met and identify areas where additional exercises might be necessary.

  10. The ISCP and DR Testing Checklist is an IRS internal document designed to assist BODs and support staff in navigating through tabletop exercise events. See Exhibit 10.8.62-1 for the Checklist Template at the end of this document. (IRS-defined)

Functional Exercises

  1. Functional exercises allow personnel to validate their operational readiness for emergencies by performing their duties in a simulated operational environment. A functional exercise is designed to exercise the roles and responsibilities of specific team members, procedures, and assets involved in one or more functional aspects of a plan (e.g., backup procedures, communications, emergency notifications, information system equipment setup). (NIST 800-84: Chapter 5)

  2. Functional exercises vary in complexity and scope, from validating specific aspects of a plan (e.g., backup retrieval, reading backup data, and validation of offsite storage) to exercising all plan elements in a simulation. (NIST 800-84: Chapter 5)

  3. Functional exercises allow staff to execute their roles and responsibilities as they would in an actual emergency situation, but in a simulated manner. (NIST 800-84: Chapter 5)

  4. The need for a functional exercise should be evaluated and a schedule should be created. Organizations should conduct functional exercises periodically; following organizational changes, updates to an IT plan, or the issuance of new TT&E guidance; or as otherwise needed. Adequate staff training and tabletop exercises should take place before engaging in a functional exercise. Managers should be notified and their approval obtained when a functional exercise is being scheduled. (NIST 800-84: Section 5.1)

  5. The topics should be determined. Topic areas chosen should depend on whether the exercise will address the full plan or specific aspects of the plan. (NIST 800-84: Section 5.2.1)

    1. Topic areas addressing the full plan may include the following:
      i. Validating the plan’s procedures
      ii. Evaluating an organization’s ability to implement the plan
      iii. Assessing interdependencies of organizations and personnel responsible for carrying out the plan.

    2. Topic areas that are more narrowly focused on specific aspects of the plan may include the following:
      i. Assessing the plan’s alert and notification process
      ii. Validating personnel responsibilities associated with the operational phase of the plan
      iii. Evaluating the processes involved in resuming normal operations

  6. The scope should be determined based on which portions of the IT plan (or all of it) should be exercised, such as activation and notification, recovery or reconstitution. (NIST 800-84: Section 5.2.2)

    1. The emphasis of initial functional exercises should be placed on operational-level team roles and responsibilities.

    2. As an organization’s TT&E program matures, senior-level participants should be engaged in functional exercises to fully validate decision-making aspects of the plan.

    3. A robust TT&E program should ensure that all elements of a plan are exercised. A comprehensive exercise of an entire IT plan is sometimes known as a full-scale exercise.

  7. The objectives should be identified. Objectives may include the following: (NIST 800-84: Section 5.2.3)

    • Validation of the content of the IT plan

    • Validation of participants’ roles and responsibilities as documented in the plan

    • Validation of the interdependencies documented in the plan

    • Provision of opportunities for participants to get hands-on practice in executing their functions

    • Validation of meeting regulatory requirements

  8. The participants should be identified. (NIST 800-84: Section 5.2.4)

    1. Senior-level personnel should be invited to participate if the primary exercise objective is to validate the decision-making and oversight processes within the plan.

    2. Operational-level personnel should be invited to participate if the primary exercise objective is to validate operational procedures within the plan.

    3. For full-scale exercises, senior-level and operational-level personnel should be invited to validate the full-scale readiness of a plan.

      Note:

      If functional exercise participants have not been trained on their roles and responsibilities within the plan prior to the functional exercise, the TT&E program coordinator should consider conducting a training event before the functional exercise.

  9. The functional exercise staff should be identified. (NIST 800-84: Section 5.2.5)

    1. The exercise director is responsible for all aspects of the exercise, including staffing, development, conduct, and logistics.

    2. Controllers are designated by the exercise director to monitor, manage, and control exercise activity.

    3. Data collectors record information about the actions that occur during the exercise.

    4. Simulators assume the roles of various internal and external entities that are not participating in the event, such as other government organizations, private citizens, or law enforcement, and whose input or participation is necessary to the flow of the exercise.

      Note:

      The functional exercise staff should be thoroughly familiar with the content of the IT plan being exercised.

  10. Logistics should be coordinated. Sample logistics checklist items for functional exercise events may include the following: (NIST 800-84: Section 5.2.6)

    • Exercise date

    • Arrangements made with facility manager(s) at the facilities at which the exercise is conducted

    • Controller, data collector, and simulator identifications

    • Participant identifications

    • Participant invitations

    • Copies of controller, data collector, simulator, and participant books

    • Name tents

    • Transportation and billeting

    • Setup and configuration of appropriate equipment at exercise site(s)

    • Refreshments

    • Supply checklist to include items such as power strips, extension cords, markers, and tape for the control cell

    • Backup file copies on removable media

  11. The functional exercise material should be developed. (NIST 800-84: Section 5.3)

    1. Briefings are created for participants and the exercise staff. The briefings document any information pertaining to the scope and objectives of the exercise, rules of engagement, and administrative aspects of the event.

    2. Scenarios are sequential, narrative accounts of hypothetical incidents that provide catalysts for exercises and are intended to introduce situations that will inspire responses and thus allow demonstration of the exercise objectives.

      Note:

      Samples of exercise scenarios are available from NIST SP 800-61 and NIST SP 800-83.

    3. The master scenario events list (MSEL) is a chronologically sequenced outline of the simulated events and key event descriptions that participants will be asked to respond to during an exercise.

    4. Message injects are pre-scripted messages that will be given to participants during the course of an exercise. Each message inject contains information designed to supplement the scenario and prompt additional actions. Each MSEL entry may have multiple injects associated with it. Each inject includes the following:
      i. The time at which the message will be injected
      ii. To whom it will go
      iii. From whom the message will come
      iv. The means by which it will be delivered (e.g., fax, phone, e-mail)
      v. The actual text of the message

    5. The message inject tracking form tracks the following details about message injects throughout the functional exercise:
      i. The inject numbers
      ii. Scheduled times for the messages to be injected into the exercise
      iii. Actual times that the messages were injected
      iv. Summaries of the message
      v. Comments for the individuals injecting the messages

    6. Controller, data collector, and simulator books contain information pertinent to exercise staff and their roles during exercises. The books contain exercise scenarios, MSEL, and injects.

    7. The after action report documents information captured during the exercise. This report provides a means to evaluate how well exercise objectives were met and identify areas where additional exercises might be necessary.
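The MSEL, the message injects, and the inject tracking form described in items 3 through 5 of paragraph 11 above are easiest to see as one structure. The following Python script is an added example written for this page; it is not IRS or NIST code and does not come from any IRS tool. The scenario, participant roles, times, and message text are constructed, and the validation rules (chronological order, unique inject numbers, every event carrying at least one inject, no inject scheduled before its event) are this example's assumptions about what a controller would check before the exercise.

```python
"""Master scenario events list (MSEL) with message injects and the inject
tracking form. Added example for this page; not IRS or NIST code.

An MSEL entry is a simulated event; each entry carries one or more
pre-scripted injects (time, to, from, means, text). validate_msel() checks
the list before the exercise, record_injection() captures the actual time
a controller delivered an inject, and tracking_form() produces the rows of
the tracking form (scheduled vs actual time, delay, summary, comment).
The scenario, names and times below are constructed sample data.
"""
import copy
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class Inject:
    number: int
    scheduled: datetime      # time at which the message will be injected
    to: str                  # to whom it will go
    sender: str              # from whom the message will come
    means: str               # fax, phone, e-mail
    text: str                # the actual text of the message
    actual: Optional[datetime] = None
    comment: str = ""


@dataclass
class MselEntry:
    event_id: str
    time: datetime
    description: str
    injects: List[Inject] = field(default_factory=list)


def validate_msel(msel: List[MselEntry]) -> List[str]:
    """Return the problems found; an empty list means the MSEL is ready to run."""
    problems = []
    times = [e.time for e in msel]
    if times != sorted(times):
        problems.append("MSEL entries are not in chronological order")
    numbers = [i.number for e in msel for i in e.injects]
    if len(numbers) != len(set(numbers)):
        problems.append("duplicate inject numbers")
    for e in msel:
        if not e.injects:
            problems.append(f"{e.event_id}: no inject, so participants get no prompt")
        for i in e.injects:
            if i.scheduled < e.time:
                problems.append(f"inject {i.number} is scheduled before its event {e.event_id}")
            if not i.text.strip():
                problems.append(f"inject {i.number} has no message text")
    return problems


def record_injection(msel, number, when, comment=""):
    """Controller records the actual time (and any remark) for inject `number`."""
    for e in msel:
        for i in e.injects:
            if i.number == number:
                i.actual, i.comment = when, comment
                return i
    raise KeyError(f"no inject numbered {number}")


def tracking_form(msel):
    """Rows of the message inject tracking form, in scheduled order."""
    rows = []
    for e in msel:
        for i in sorted(e.injects, key=lambda x: x.scheduled):
            delay = None if i.actual is None else (i.actual - i.scheduled).total_seconds() / 60
            rows.append({"inject": i.number, "event": e.event_id, "scheduled": i.scheduled,
                         "actual": i.actual, "delay_min": delay,
                         "summary": i.text[:40], "comment": i.comment})
    return rows


# Constructed sample scenario: a storage failure at the primary site.
T0 = datetime(2019, 11, 22, 9, 0)
SAMPLE_MSEL = [
    MselEntry("E1", T0, "Storage array at the primary site reports unrecoverable errors", [
        Inject(1, T0, "Recovery Lead", "Data Center Operations", "phone",
               "Array SAN-01 is offline; the production database is unreachable."),
    ]),
    MselEntry("E2", T0 + timedelta(minutes=20), "Backup media requested from offsite storage", [
        Inject(2, T0 + timedelta(minutes=20), "Backup Operator", "Recovery Lead", "e-mail",
               "Request the last full and incremental backups for DB-PROD from offsite storage."),
        Inject(3, T0 + timedelta(minutes=50), "Backup Operator", "Offsite storage (simulator)", "phone",
               "Courier dispatched with the requested media; ETA 90 minutes."),
    ]),
]


def run_sample():
    """Constructed run: inject 1 given 2 minutes late, inject 2 five minutes late, inject 3 pending."""
    msel = copy.deepcopy(SAMPLE_MSEL)
    record_injection(msel, 1, T0 + timedelta(minutes=2))
    record_injection(msel, 2, T0 + timedelta(minutes=25), "held until the E1 discussion finished")
    return tracking_form(msel)


if __name__ == "__main__":
    print("MSEL problems:", validate_msel(SAMPLE_MSEL) or "none")
    for row in run_sample():
        print(row)
```

The delay column is what the data collector carries into the after action report: a consistently late inject usually means the scenario ran faster or slower than the MSEL assumed, which is itself a finding about the plan's timing assumptions.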

DR Tests
  1. In the context of DR, a test is the method used to evaluate the organization's readiness and ability to recover a system from varying degrees of non-functioning to its original functional state by following the authorized, documented step-by-step (keystroke-level) recovery procedures. The components of a test, such as the quantifiable metrics used to validate the operability of an information system or system component in the operational environment specified in the ISCP, are described in the sections that follow. (IRS-defined)

    Note:

    The term test is reserved for testing system hardware/software/OS recovery capability or system components; it is not used to describe exercising plans.

  2. Tests are used to measure the effectiveness and suitability of the processes and procedures contained in the ISCPs for the systems being tested and to evaluate compliance with the information system's contingency plan. In the event of a disaster or disruption, the goal is that following the documented and tested ISCP procedures results in successful recovery of business applications and systems. (IRS-defined)

  3. The scope of tests can range from individual system components or systems to comprehensive tests of all systems and components that support an ISCP. Examples of tests are: (NIST 800-84: Section 6.2.1)

    1. Component tests - Restoring a system by retrieving backup data from offsite storage and loading the data to test the usability of the data.

    2. System tests - Restoring multiple components such as the operating system, database, and system software by using data stored offsite.

    3. Comprehensive tests - Testing all systems and components that support an IT plan.

    4. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  4. A test is conducted in as close to an operational environment as possible, testing components, or systems used to conduct daily operations. (NIST 800-84: Section 6.3)

  5. If feasible, an actual test of the components or systems used to conduct daily operations for the organization can be used to comply with the ISCP testing program’s annual requirements. (NIST 800-84: Section 6.3)

  6. Tests that result in components or systems malfunctioning or becoming inoperable could indicate problems in personnel training or in DR plans and procedures. (NIST 800-84: Chapter 2)

  7. Each information system component shall be tested to confirm the accuracy of individual recovery procedures. (IRS-defined)

  8. Each information system shall have a contingency plan that addresses the following areas, as applicable: (IRS-defined)

    • Notification procedures

    • System recovery on an alternate platform from backup media

    • Internal and external connectivity

    • System performance using alternate equipment

    • Restoration of normal operations

    • Other planned tests where coordination is identified (e.g., Continuity of Operations Plan (COOP), Business Continuity Plan (BCP))

  9. Additional test plan requirements: (IRS-defined)

    1. The test plan shall include a schedule detailing the timeframes for each test and test participants.

    2. The test plan shall clearly delineate scope, scenario, and logistics.

    3. The scenario chosen may be a worst-case incident or an incident most likely to occur.

    4. It should mimic reality as closely as possible.

  10. The need for a DR test should be evaluated and a schedule should be created. Organizations should conduct DR tests periodically; following organizational changes, operational changes, regulated mandates, updates to an IT plan, or the issuance of new TT&E guidance; or as otherwise needed. Participants should be trained on their roles and responsibilities within the DR test prior to the DR test. Managers should be notified and their approval obtained when a DR test is being scheduled. (NIST 800-84: Section 6.1)

  11. The DR test event should be designed. (NIST 800-84: Section 6.2)

    1. The level of the test (component, system, or comprehensive) may affect the time required to develop the test, the level of complexity for the test, and the length of time the test will take.

  12. The objectives should be identified. (NIST 800-84: Section 6.2.2)

    1. The test plan may consist of a series of smaller individual tests each designed to examine a part of the component, system, or group of components and systems being tested. The objectives for each test should be to measure, check, or verify whether the component, system, or group of components and systems satisfies its intended purpose and functions adequately.

    2. Where possible, the expected results or outcomes should be expressed in an objective and measurable manner, with subjective measurements being minimized. The results should be quantifiable and repeatable to the extent reasonably possible.

    3. Sample test events may include the following:
      i. Restoring a backup
      ii. Moving a server from one room to another
      iii. Upgrading or patching operating systems or applications
      iv. Changing hardware components (e.g., swapping hard drives, replacing a failed power supply)
      v. Activating call tree cascades and determining if they can be executed within prescribed time limits
      vi. Removing power from a system or system component
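Item 12.3.v above (call tree cascades executed within prescribed time limits) and the requirement in 12.2 that results be objective and measurable can be combined into one check. The following Python script is an added example written for this page; it is not IRS or NIST code and is not a procedure from any IRS test plan. The call tree, the per-call stopwatch readings, the roster, and the 15-minute limit are constructed sample data, and the sequential-calling rule (a caller works down their list in order, and a callee starts their own calls once reached) is an assumption about how the cascade is run.

```python
"""Call-tree cascade check: measurable result for the test event
"activating call tree cascades and determining if they can be executed
within prescribed time limits". Added example for this page; not IRS or
NIST code. The call tree, measured call durations, roster and time limit
are constructed sample data.

Each caller works down their list in order, so the k-th callee is reached
after the first k call durations; a callee then starts their own calls.
The cascade is complete when the last person is reached, so the elapsed
time is the longest root-to-leaf path under this sequential rule.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Contact:
    name: str
    calls: List[str] = field(default_factory=list)   # people this contact calls, in order


# Constructed call tree: one edge per phone call.
SAMPLE_TREE: Dict[str, Contact] = {
    "ISCP Coordinator": Contact("ISCP Coordinator", ["Recovery Lead", "Comms Lead"]),
    "Recovery Lead": Contact("Recovery Lead", ["DBA", "Sysadmin", "Network"]),
    "Comms Lead": Contact("Comms Lead", ["Help Desk"]),
    "DBA": Contact("DBA"),
    "Sysadmin": Contact("Sysadmin", ["Backup Operator"]),
    "Network": Contact("Network"),
    "Help Desk": Contact("Help Desk"),
    "Backup Operator": Contact("Backup Operator"),
}

# Constructed stopwatch readings in minutes per call, keyed by (caller, callee).
SAMPLE_CALL_MINUTES: Dict[Tuple[str, str], float] = {
    ("ISCP Coordinator", "Recovery Lead"): 3,
    ("ISCP Coordinator", "Comms Lead"): 2,
    ("Recovery Lead", "DBA"): 4,
    ("Recovery Lead", "Sysadmin"): 6,      # voicemail, then call-back
    ("Recovery Lead", "Network"): 2,
    ("Comms Lead", "Help Desk"): 5,
    ("Sysadmin", "Backup Operator"): 3,
}
DEFAULT_CALL_MINUTES = 5.0   # assumed duration for a call with no stopwatch reading

# Constructed roster of everyone the plan says must be notified.
SAMPLE_ROSTER = list(SAMPLE_TREE) + ["Security Officer"]


def cascade_time(tree, durations, root, default=DEFAULT_CALL_MINUTES):
    """Return (minutes until the last person is reached, names along that critical path)."""
    seen = set()

    def walk(name):
        if name in seen:
            raise ValueError(f"{name} appears more than once in the call tree")
        seen.add(name)
        elapsed, worst, worst_path = 0.0, 0.0, [name]
        for callee in tree[name].calls:
            elapsed += durations.get((name, callee), default)   # callee is reached at `elapsed`
            sub_time, sub_path = walk(callee)
            if elapsed + sub_time > worst:
                worst, worst_path = elapsed + sub_time, [name] + sub_path
        return worst, worst_path

    return walk(root)


def check_cascade(tree, durations, root, limit_minutes, roster):
    """Expected-vs-actual record for the test plan: everyone on the roster reached within the limit."""
    total, path = cascade_time(tree, durations, root)
    reached, stack = set(), [root]
    while stack:
        name = stack.pop()
        reached.add(name)
        stack.extend(tree[name].calls)
    not_reached = sorted(set(roster) - reached)
    return {
        "elapsed_minutes": total,
        "critical_path": path,
        "not_reached": not_reached,             # on the roster but absent from the tree
        "passed": total <= limit_minutes and not not_reached,
    }


if __name__ == "__main__":
    result = check_cascade(SAMPLE_TREE, SAMPLE_CALL_MINUTES, "ISCP Coordinator", 15, SAMPLE_ROSTER)
    for key, value in result.items():
        print(f"{key}: {value}")
```

With the constructed data the cascade takes 16 minutes along the Recovery Lead, Sysadmin, Backup Operator branch and the Security Officer is never called, so the test fails on both counts; the critical path tells the plan coordinator which branch to split (for example, giving the Sysadmin's call to someone else) and the not_reached list is a plan defect independent of timing.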

  13. The testing tools should be determined. Testing tools may include the following: (NIST 800-84: Section 6.2.3)

    • Software or hardware tools, such as network sniffers and vulnerability scanners

    • Measurement and recording devices, such as stopwatches, cameras, and video recorders

    • Checklists used to measure adherence to defined processes and procedures

    • Logistical support, such as radios, cell phones, and badges

  14. The participants should be identified. (NIST 800-84: Section 6.2.4)

    • The first level of participant consists of the individuals who are operating the components or systems being tested and should be notified well in advance of the test through an e-mail or memorandum.

    • The second level of participant consists of those individuals who are not directly involved in the test, but who might be impacted by the test or related activities, and should be notified before the test occurs.

  15. The DR test staff should be identified. (NIST 800-84: Section 6.2.5)

    • The test director is responsible for all aspects of the test, including staffing, development, conduct, logistics, and oversight of the design team.

    • The design team may include subject matter experts in the areas being tested. Members of the design team develop the test plan and should not be participants in the test; instead, they can be test observers, facilitators, data collectors, or controllers.

    • Controllers are designated by the test director to monitor, manage, and control test activity.

    • Data collectors record information about the actions that occur during the test.

      Note:

      The DR test staff should be thoroughly familiar with the content of the IT plan being tested, as well as with previous exercises and tests, in order to help mitigate potential issues.

  16. Logistics should be coordinated. Sample logistics checklist items for DR tests may include the following: (NIST 800-84: Section 6.2.6)

    • DR test date

    • Identification of component(s) for testing

    • Controller, data collector, and simulator identifications

    • Participant identifications

    • Invitations for organizational meeting

    • Test plan development

    • Conference room reservation

    • Audio/visual equipment

    • Setup and configuration of appropriate testing equipment

    • Testing equipment training for evaluators

    • Refreshments

    • Supply checklist to include required testing tools, measurement and recording devices, and items such as nametags/nametag holders, clipboards, and pens

    • Backup file copies on removable media

    • Conference room setup

    • Dry-run/walk through of the test

    • Procedures to terminate the test

  17. The DR test material should be developed. (NIST 800-84: Section 6.3)

    1. Briefings are developed for senior management, and for the managers of others that might be affected by the test, to provide an understanding of what the test will comprise and why it is important.

    2. The test guide outlines the basic steps involved in conducting a test and includes a list of the participants. Procedures for early termination of the test should be included.

    3. Test plans list steps that will be performed, required logistical items, expected outcomes, early test termination procedures, and emergency contact numbers.

    4. The after action report, or Summary Report, contains an overall synopsis of the DR test, the results of individual tests, and the recommendations for improvement. This report may be provided to senior management.

Training
  1. Training refers to informing personnel of their roles and responsibilities within a particular information system plan and teaching them skills related to those roles and responsibilities, thereby preparing them for participation in exercises, tests, and actual emergency situations related to the information system plan. (NIST 800-84: Chapter 3)

  2. The scheduling of training sessions will be coordinated closely with the schedules for ISCP tabletop exercises, functional exercises, and DR tests. (NIST 800-84: Chapter 3)

  3. Training sessions will emphasize understanding the ISCP Testing process, to include following documents in preparation for participating in each test or exercise: (IRS-defined)

    1. ISCP – Participants will be able to answer questions about the purpose of the plan, system recovery procedures, specific application processes, recovery roles and responsibilities, notification procedures, and all appendices included in the plan.

    2. ISCP & DR Testing Checklist (see Exhibit 10.8.62-1) – The ISCP Testing Checklist shall be included in the training sessions scheduled prior to all testing and exercise events. Participants will gain knowledge of the purpose of the Checklist, how to complete it, and the procedures for its use during the scheduled exercises and tests of the ISCP.

    3. ISCP and DR Exercise/Testing Schedule – Participants will gain knowledge of the contents of the schedule, how and why it is created, and how it is vetted. The schedule ensures that every application and system in the FISMA Master Inventory is included in exercise and testing activities required under FISMA and that the dates are acceptable.

    4. FISMA Contingency Plan Controls – Participants will gain knowledge of the Contingency Plan family of security controls (NIST 800-53A, Guide for Assessing the Security Controls in Federal Information Systems and Organizations) and how exercising and testing of plans will address deficiencies in compliance with those controls.

  4. Recovery personnel shall be trained on the following plan elements: (NIST 800-34 Section 3.5.2)

    • Purpose of the plan

    • Cross-team coordination and communication

    • Reporting procedures

    • Security requirements

    • Team-specific processes (Activation and Notification, Recovery, and Reconstitution Phases)

    • Individual responsibilities (Activation and Notification, Recovery, and Reconstitution Phases)

ISCP & DR Exercise and Testing
  1. Two weeks before each new FISMA reporting cycle begins (July 1), the ISCPT Staff shall solicit comments from BOD and IRS IT Points of Contact (POCs) to evaluate the lessons learned from the previous ISCP and DR test period and to ensure that the test process continues to be viable, cost-effective, resource efficient, and compliant with new regulations. The ISCP & DR Testing Checklist template and ISCP template will be reviewed and revised as necessary. (IRS-defined)

  2. ISCPT Staff will work with appropriate Organizations to develop a testing schedule each year to exercise or test the ISCP, for all the applications and systems found in the FISMA Master Inventory. (IRS-defined)

  3. The ISCPT Staff will facilitate all tabletop exercises for each FISMA reporting cycle. During the Security Assessment and Authorization (SA&A) process, ISCPT personnel will collaborate with the FISMA Certification Program Office (CPO) to ensure that the ISCP testing schedule is in sync with the SA&A process and the Security Control Assessment schedule. (IRS-defined)

  4. The schedule will be reviewed by IRS IT and BOD personnel to ensure that ISCP tabletop exercises, functional exercises, and DR tests are scheduled to coordinate each application, or more than one application if requested on a case-by-case basis, using the following keys: (IRS-defined)

    1. Platform

    2. System

    3. BOD

    4. Site

  5. ISCPT will present the revised ISCP & DR Testing Checklist template, ISCP template, the previous POC lists, and the new ISCP and DR Exercise/Testing Schedule to the Security PMO to initiate the annual exercise and testing activities. The PMO will vet the schedule and the POC list with their respective organizations and will coordinate errors, questions, and changes with the ISCPT Staff through the *IT IT DR Mailbox. When the information is finalized and approved by the Council, ISCPT will use the approved schedule and POC lists to begin the new testing cycle. (IRS-defined)

  6. The approved schedule is published, distributed, and followed to perform ISCP and DR exercises and tests. The schedule includes: (IRS-defined)

    1. A designated ISCPT Staff member as the Facilitator for each tabletop exercise.

    2. Changes as submitted by BOD and IRS IT authorized personnel, documented by ISCPT, and distributed when updated.

    3. Modifications as needed during the annual FISMA reporting cycle.

  7. ISCPT will enter the completed testing and updated ISCP dates in TFIMS for every application and system listed in the FISMA master inventory. (IRS-defined)

  8. Changes in dates of scheduled exercises or tests will be coordinated through the IRS IT and BOD Security PMOs who will coordinate with ISCPT to establish a new date. ISCPT will update the schedule with the new exercise/test date. However, no tests will be scheduled after April 30 of each FISMA reporting cycle and all tests will be completed by June 1 to facilitate loading of all completed test packages in TFIMS by the FISMA reporting deadline of June 30. (IRS-defined)

  9. ISCPT will schedule and present training for all BOD and IRS IT participants to ensure that they are ready to participate in the exercise. ISCPT will answer any questions the POCs may have about the exercise/test process or the Checklist. (IRS-defined)

ISCP & DR Testing Checklist
  1. The Checklist is a three-part form that allows BODs and Support Organizations to document multiple exercise/test activities on one form, creating one authoritative source that standardizes and simplifies the archival process. (IRS-defined)

    1. Part A of the Checklist is the Tabletop Exercise

    2. Part B is the Functional Exercise

    3. Part C is the Disaster Recovery (DR) Test or Production Operational Recovery which documents DR Testing activities. See Exhibit 10.8.62-1 for a copy of the Checklist. (IRS-defined)

  2. The ISCP & DR Testing Checklist provides a step-by-step process to guide participants through the most pertinent sections of the ISCP. The Checklist provides an area to document changes for each section in the ISCP and changes to procedures that might be needed. The Checklist also provides areas to document the results of functional exercises and DR tests, if applicable. (IRS-defined)

  3. The Checklist standardizes the process for all applications and systems, and documents all testing activities and ISCP changes. The Checklist serves as the validated artifact for ISCP and DR Testing exercises and events. The Checklist and supporting documentation is uploaded to TFIMS after it has been reviewed and signed by the AO. (IRS-defined)

  4. The Checklist is used to train personnel in their contingency roles and responsibilities with respect to their application or system. (IRS-defined)

  5. Completion of the Checklist documenting performance of the required exercises and/or tests provides the artifact in TFIMS used to validate the following controls of the Contingency Planning (CP) family, as applicable (reference NIST SP 800-53): (IRS-defined)

    1. CP-2 Contingency Plan – The ISCP is pulled from TFIMS and distributed to each participant for the tabletop exercise validating that the plan exists.

    2. CP-3 Contingency Training – The requirements, roles and responsibilities, and recovery procedures are discussed as the ISCP is exercised during the tabletop exercise.

    3. CP-4 Contingency Plan Testing and Exercises – Use of the ISCP & DR Testing Checklist to annotate the results of the exercise/test, including entering the completed test date and the AO’s signature and date, provides evidentiary documentation that the plan was exercised and tested.

    4. CP-6 Alternate Storage Site – As the tabletop exercise is performed, the ISCP is reviewed and discussed to ensure that information about backup procedures and an alternate storage site is identified and included in the plan. If backup procedures or alternate storage sites are not in place, a summary finding is annotated on the Checklist to document this issue.

    5. CP-7 Alternate Processing Site – During tabletop exercises, the Application Test Plan shall be reviewed to determine if an alternate processing site, based on the criticality of the application, is a viable option. In the event the infrastructure does not recover at a site where a disruption has occurred, the application Business Owner would have to plan accordingly. Establishment of an alternate processing site could provide a DR solution.

    6. CP-8 Telecommunication Services – Tabletop exercises for IRS IT systems and business applications not supported by IRS IT will include discussions about the telecommunication infrastructure and its DR capabilities, backup procedures, and validation that a DR plan exists for its recovery.

    7. CP-9 Information System Backup – Discussions during tabletop exercises will focus on the ISCP to ensure that backup procedures are documented and implemented. The procedures shall include information about the backup frequency, encryption of backup media, offsite storage, and timelines for receipt of backup media from offsite storage during normal working hours and after hours. If backup procedures have not been implemented, a summary finding is annotated on the Checklist to document this issue.

    8. CP-10 Information System Recovery and Reconstitution – Tabletop discussions for this control will focus on the information in Section 5 of the ISCP to validate that procedures are in place to recover and reconstitute IRS IT systems and applications.

  6. Each BOD will be responsible for identifying a Data Collector who will be responsible for documenting the exercise and/or testing activities as they occur and populating the appropriate parts of the Checklist with the description of the activities. (IRS-defined)

  7. The ISCP & DR Testing Checklist will be used as an artifact in TFIMS to document all tabletop exercises, functional exercises, and DR tests that are scheduled. (IRS-defined)

Conducting Exercises and Tests
  1. The following sections provide procedures and guidance for performance of the activities for the testing and exercising portions of the TT&E Program. (IRS-defined)

  2. When a production program is being tested in the disaster recovery environment (on IRS computer systems in an IRS facility), live data from the production backup media, including entire file(s) and database(s) involved, may be used to test the backup recovery capability of that production data. IRS employees and their contractors with approved access are not required to submit a Live Data Waiver in order to test the restoration/recovery of the live data on the production backup media. (IRS-defined)

Tabletop Exercises
  1. ISCPT will schedule and present training for all BOD and IRS IT participants to prepare them for the current FISMA Cycle ISCP exercises and tests. ISCPT will answer any questions the POCs may have about the test process or the Checklist. (IRS-defined)

  2. Based on the approved testing schedule and IRS IT/BOD POC list, the assigned ISCPT Facilitator will send the standard conference call invitation to all participating POCs 30 days prior to the day of the exercise. The assigned ISCPT Facilitator shall provide the ISCP and DR Testing Checklist with items 1-4 of the checklist pre-populated by the ISCPT to the Data Collector (who is assigned by the BOD Security PMO or AO POC as delegated by the AO). (IRS-defined)

  3. Using the most current version of the ISCP and POA&M stored in TFIMS, the Data Collector populates items 5 through 7 and Part A on the Checklist, and if necessary meets with appropriate BOD or IRS IT personnel to complete this task. Before the tabletop, the Data Collector and BOD or IRS IT personnel shall capture noteworthy changes identified while reviewing the ISCP. This promotes a more efficient exercise and discussion regarding how to recover the application/system. (IRS-defined)

  4. After the Checklist is populated, and at least 5 work days prior to the tabletop, the Data Collector shall forward the Checklist and the current ISCP to all recipients, including the ISCPT Facilitator. If assistance is needed, the Data Collector shall notify the Facilitator or the designated ISCPT Contacts noted in the invitation. (IRS-defined)

  5. During the tabletop exercise, the Data Collector is responsible for capturing on the Checklist all changes, observations, lessons learned, and summary findings that result from the tabletop discussions. The Date Exercise Completed block shall contain the date on which the tabletop was performed. (IRS-defined)

    1. At the start of the exercise, the facilitator should welcome the participants to the event and request that the participants introduce themselves by name and give a general description of their roles within the organization. The facilitator then projects the briefing and discusses the scope of the exercise and logistics information. The facilitator then walks the participants through the scenario and initiates a group discussion using a question from the facilitator guide. As the discussion continues, the facilitator may inject additional questions periodically. The data collector documents issues to be included in the after action report. (NIST 800-84: Section 4.4)

    2. Immediately following the facilitated discussion, the facilitator and data collector should conduct an exercise debrief, in which they ask the participants in which areas they felt they excelled, in which areas they could use additional training, and which areas of the plan should be updated. (NIST 800-84: Section 4.4)

  6. The Data Collector then has 7 work days to update the Checklist with the result of the exercise. The Facilitator will coordinate with the Data Collector as needed to provide guidance and to compare notes taken during the exercise. (IRS-defined)

    1. The comments from the debrief, along with lessons learned during the exercise, shall be captured in the after action report. The report should include background information about the exercise, documented observations made by the facilitator and data collector, and recommendations for enhancing the IT plan that was exercised. (NIST 800-84: Section 4.5)

    2. Following the development of the after action report, the plan coordinator might assign action items to select personnel to update the IT plan being exercised. Managers may need to be briefed on the results. (NIST 800-84: Section 4.5)

  7. After the Checklist update is completed, the Data Collector shall send it to the *IT IT DR Mailbox and the BOD Security PMO. ISCPT shall enter the date the checklist was received in the test tracking log and forward it to the assigned ISCPT Facilitator, who shall review the Checklist to ensure that all information has been recorded. If Checklist corrections are needed, the Facilitator will coordinate with the Data Collector to ensure that the modifications are made. (IRS-defined)

  8. Depending on the required exercises or tests, the ISCPT Facilitator can hold the Checklist until all other testing has been completed and can be documented in Part B or Part C of the Checklist. If no other testing is required, the ISCPT Facilitator shall send the Checklist back to the Data Collector and the BOD Security PMO within 7 work days for final signature (digital signature is acceptable) by the AO or the AO Designee. (IRS-defined)

  9. The AO or AO Designee has a 30 calendar day maximum timeframe for signing the Checklist unless the June 1 deadline is less than 30 days, then the checklist is due on June 1. The AO or Designee shall return the signed Checklists to ISCPT as soon as possible to avoid delays in uploading the completed test packages into TFIMS prior to the end of the FISMA reporting cycle. (IRS-defined)

  10. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  11. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

Functional Exercises
  1. Functional exercises are performed by IRS IT personnel or by the BOD’s information system personnel when the application is not supported by IRS IT. During the performance of the functional exercises, IRS IT personnel or BOD information system personnel will complete the ISCP & DR Testing Checklist Part B as they go through the exercise. (See Exhibit 10.8.62-1.) (IRS-defined)

  2. See Exhibit 10.8.62-2, ISCP Functional Exercise Methodology and Procedures. This exhibit provides step-by-step procedures for a backup retrieval and sampling pull for functional exercise activities. All functional exercises will be conducted using the approved procedures in Exhibit 10.8.62-2. (IRS-defined)

  3. As the production environment implements new technologies, strategies, and procedures, IRS IT and SRM shall assess when to modify Exhibit 10.8.62-2 procedures to ensure that functional exercises can be performed to accommodate the updated production environment. (IRS-defined)

  4. During the functional exercise, the IRS IT or BOD information system personnel shall take screen prints of the backup tool index header and tape or server listing to validate the method used to back up system files and/or application data files. Take additional screen prints to validate that the data on the backup media is readable. The IRS IT or BOD information system personnel will also provide evidence in the form of routing sheets, logs, or e-mail requests proving the length of time needed between the request for backup data from offsite storage and the receipt of that data at the test site. (IRS-defined)

    1. Functional exercises should be conducted in real or near-real time and should prompt participants to carry out their roles and responsibilities as realistically as possible. A functional exercise is often initiated by alerting selected personnel of the implementation or activation of a specific IT plan. Participants are expected to carry out operational or decision-making activities documented in the plan, whether in a simulated environment or at the alternate processing site. The exercise controllers administer the exercise, including introducing the scenario and message injects to participants. Data collectors directly observe participant actions during the exercise. Simulators assume the roles of entities that are not participating in the event, such as external organizations or private citizens. (NIST 800-84: Section 5.4)

      Note:

      A control cell is a central location for exercise coordination, typically in a separate area from the exercise participants. From the control cell, the controllers introduce the scenario and message injects to participants. Controllers administer the exercise by referring to the message inject tracking form and MSEL to ensure the exercise remains on schedule and within scope.

    2. The exercise director announces the conclusion of the exercise. Immediately following the exercise, the exercise director, controllers, and data collectors conduct an exercise debrief with the participants, requesting feedback from everyone present. (NIST 800-84: Section 5.4)

    3. The comments from the debrief, along with information about the exercise, documented observations made by the exercise staff, and recommendations made during the exercise, should be captured in an after action report. Managers may need to be briefed on functional exercise results. (NIST 800-84: Section 5.5)

  5. IRS IT or BOD information system personnel shall also provide evidence to validate that documented backup procedures are in place including information about the backup frequency, encryption of backup media, offsite storage site, and timelines for receipt of backup media from offsite storage during normal working hours and after hours. (IRS-defined)

  6. If the backup process has no documented procedure, annotate the Summary of Findings section in Part B of the Checklist to document this issue. (IRS-defined)

  7. Annotate the Summary of Findings section if the backup tapes are corrupted and/or irretrievable, or if evidence cannot be captured for the exercise. (IRS-defined)

  8. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  9. ISCPT will ensure that the populated Checklist received from the IT personnel who performed the functional exercise is consolidated with the Tabletop Exercise Checklist. ISCPT will review the evidence submitted for the functional test to ensure it supports that the testing was completed. ISCPT will then create the evidence package and finalize the results of the completed exercises in preparation for the AO signature. (IRS-defined)

  10. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  11. Upon receipt of the signed Checklist and supporting documentation from the AO POC, ISCPT shall upload the Checklist into TFIMS as the validated artifact along with all supporting documentation. (IRS-defined)

DR Tests
  1. IRS is required to perform DR tests on all applications with a FIPS 199 High categorization and for CIP assets. These tests are designed to evaluate IRS readiness to cutover, relocate, restore, or rebuild IRS systems/applications. (IRS-defined)

  2. DR tests involve activities such as performing cutovers from one platform or system to another, relocation of systems/applications, or recovery of platforms and their hosted applications. As DR tests are performed on systems, sites, or platforms, hosted applications can benefit from these tests through coordination of the application ISCP review and the DR test activities. (IRS-defined)

  3. IRS IT personnel perform DR tests unless IRS IT does not support the application. The BOD’s information system personnel perform DR tests when the application is not supported by IRS IT. During the performance of the DR Test, IRS IT personnel or BOD information system personnel shall complete the ISCP & DR Testing Checklist Part C and the Test Case templates as they go through the test. (See Exhibit 10.8.62-1.) (IRS-defined)

  4. The ISCPT Staff will coordinate with IRS IT organizations to identify components, systems, and/or comprehensive tests to be planned based on FISMA, Treasury, and NIST requirements, and IRS executive-level priorities. (IRS-defined)

  5. Production operational recoveries can also be considered in meeting FISMA and ISCPT program requirements. The Service may also consider combining tests with planned operational activities, such as restoring a backup, moving a server from one room to another, upgrading or patching operating systems or applications, or changing hardware components (e.g., swapping hard drives, replacing a failed power supply). The results of this collaboration will define the scope and objectives for the tests. (IRS-defined)

  6. The ISCPT Staff will collaborate with designated BOD POCs to determine if the tests identified in collaboration with IRS IT are compatible with the priorities and processing timeframes of the Business Unit. ISCPT will coordinate with BODs to determine the level of involvement required from the BOD POCs. (IRS-defined)

  7. The ISCPT Staff shall create a test schedule based on IRS and FISMA requirements, FISMA timeframes, and business processing priorities. (IRS-defined)

  8. The ISCPT Staff will coordinate the following activities with IRS IT and BOD POCs to ensure that the Test Case Template, Test Activities Worksheet, ISCP & DR Testing Checklist, Summary Report, and all testing documentation are completed before, during, and after testing. ISCPT shall: (IRS-defined)

    1. Coordinate with the designated IRS IT organization to ensure that the Test Case Template has been populated with pertinent information about the test, such as scope detail, objectives, recovery personnel, support personnel, and test activities.

    2. Ensure that IRS IT POCs identify the files needed to be transmitted in preparation for the tests and determine the date for transmission of data via IRS approved protocols.

    3. Coordinate with Enterprise Computing Center (ECC) Security Management Office (SMO) personnel to reserve a conference room to hold meetings before, during, and after planned test activities as needed.

    4. Coordinate with stakeholders to ensure that pre-test activities are completed.

    5. Facilitate the creation of procedures to terminate the test in case operational issues necessitate it.

    6. Coordinate with IRS IT and BOD POCs to ensure that all test participants including end users are familiar with the test termination procedures.

    7. Coordinate with IRS IT POCs to ensure that BOD end users are not adversely affected during planned test activities.

    8. Conduct the DR test. (NIST 800-84: Section 6.4)

      i. The locations for tests vary based on the type of test being conducted and the test’s scope.

      Note:

      For example, a small component test could be conducted in a single office, while a comprehensive test of components and systems for an IT plan could involve many different parts of an organization in various locations.

      ii. During a test, the mission of the organization should not be disrupted to the extent that the organization can no longer function and provide the services that it was created to provide. If there is any sign of a possible catastrophic disruption, or if the safety of an individual is at stake or the security of the organization or its data is in question, the test director and any other member of the test staff should have the ability to terminate the test immediately.

      iii. After the test concludes, the test director and data collectors should conduct an informal test debrief, requesting feedback from everyone present.

    9. Coordinate with IRS IT POCs at the end of the test to ensure that test deactivation procedures are completed.

    10. Review and evaluate the completed Test Case Template, worksheets, findings, corrective actions, and all test evidentiary documentation.

      i. The comments from the debrief, along with information about the DR test, documented observations made by the exercise staff, and recommendations made during the DR test, should be captured in an after action report. Managers may need to be briefed on DR test results. (NIST 800-84: Section 6.5)

    11. Populate a test Summary Report to include findings, corrective actions, lessons learned, and summarize test worksheet results.

    12. Facilitate post test meetings as needed to go over Summary Report, lessons learned, and corrective actions.

Annual FISMA Reporting Cycle Activities
  1. The following sections describe the activities needed to capture the results of the ISCP testing program. Reporting and testing artifact control are critical to the successful completion of the exercise and testing process each FISMA cycle and are performed on a regular basis throughout the FISMA Reporting Cycle. (IRS-defined)

Scorecard
  1. For the purposes of reporting on the progress of exercises and testing, ISCPT shall maintain a scorecard to document the progress of the ISCP tabletop and functional exercises and the status of the DR tests. (IRS-defined)

Treasury FISMA Inventory Management System (TFIMS)
  1. ISCPT shall input all activities and documentation into TFIMS in a timely manner. All changes to the application or system shall be recorded in TFIMS. ISCPT shall document changes identified during the testing process in the ISCP & DR Testing Checklist artifact or in the ISCP. As these artifacts are created and/or updated, update the Contingency Planning (CP) fields in TFIMS with completion dates. (IRS-defined)

  2. Documentation for all activities and all actions performed shall be completed in a timely manner. The results of each exercise/test shall be fully documented using the ISCP & DR Testing Checklist and then uploaded into TFIMS.

    Note:

    Also coordinate with SA staff and/or inventory staff and/or Help Desk to update the asset inventory recordation, which includes the GSS designation and supported applications and environments.

    (IRS-defined)

  3. The following TFIMS documentation and TFIMS CP fields are uploaded and updated after exercise/testing is completed: (IRS-defined)

    • Revised Contingency Plan Artifact (ISCP)

    • Tested Contingency Plan (Checklist)

    • Evidence (year)

    • Last CP Test Date (date test/all tests were completed)

    • Next CP Test Date (one year from last CP Test Date)

ISCP & DR Testing Checklist

The ISCP & DR Testing Checklist is an artifact for the Treasury FISMA Inventory Management System (TFIMS) used to record changes to the content of the ISCP based on information gathered during the Test, Training, & Exercise (TT&E) activities documented in the Checklist. The Checklist is provided on Cybersecurity's Security Risk Management SharePoint at: ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ . Completion and documentation of these activities also provide evidence that the requirements in the NIST 800-53 Contingency Planning family of controls are met: CP-2 Contingency Plan, CP-3 Contingency Training, and CP-4 Contingency Plan Testing and Exercise. For the latest information, refer to Security Risk Management's training calendar and information: ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

ISCP Functional Exercise Methodology and Procedures

The ISCP Functional Exercise Methodology and Procedures has been prepared for use by IT personnel or by Business Unit IT Support Staff, as applicable, to perform functional exercises on the IT infrastructure that supports FISMA-reportable applications and/or systems. For the latest information, refer to the ISCP Functional Exercise Methodology Procedures link located at the following web site: ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

BOD ISCP & DR Testing Job Aid

This ISCP Exercise and Testing job aid has been prepared for use by all Business Operating Divisions (BODs) to inform BOD participants about the activities required to perform ISCP tabletop and functional exercises and DR testing during the current FISMA reporting cycle. For the latest information, refer to the BOD ISCP Testing Job Aid link at the following web site: ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

Glossary and Acronyms

Term: Definition or description

ACIO: Associate Chief Information Officer
After Action Report: A document containing findings and recommendations from an exercise or a test.
AO: Authorizing Official
Alternate Processing Site (APS): Establishes an alternate processing site, including necessary agreements, to permit the transfer and resumption of [Bureau-defined information system operations] for essential missions/business functions within [Bureau-defined time period consistent with recovery time and recovery point objectives] when the primary processing capabilities are unavailable.
BCP: Business Continuity Plan
BOD: Business Operating Division
Critical Business Process (CBP)/Critical Functions: IRS business processes defined by the IRS Business Units that are the most critical to the tax administration mission of the IRS and the Federal Government.
CIO: Chief Information Officer
Critical Infrastructure Protection (CIP): Addresses the security, protection, and resiliency of those components of the national infrastructure critical to national and economic security.
Comprehensive Test: A test of all systems and components that support a particular IT plan, such as a contingency plan or computer security incident response plan.
COOP: Continuity of Operations Plan
CP: Contingency Planning
CPO: Certification Program Office
DR: Disaster Recovery
EA: Enterprise Architecture
ECC: Enterprise Computing Center
ESA: Essential Supporting Activity
ESP: Enterprise Standards Profile
Event: The suite of test or exercise activities.
Exercise: A simulation of an emergency designed to validate the viability of one or more aspects of an IT plan.
FIPS: Federal Information Processing Standard
FISMA: Federal Information Security Management Act
Functional Exercise: A functional exercise is designed to exercise the roles and responsibilities of specific team members, procedures, and assets involved in one or more functional aspects of a plan (e.g., backup procedures, communications, emergency notifications, IS equipment setup).
IRM: Internal Revenue Manual
IRS: Internal Revenue Service
IS: Information System
ISCP: Information System Contingency Plan
ISCPT: Information System Contingency Plan Testing
IT: Information Technology
NIST: National Institute of Standards and Technology
Plan: In the context of this policy, the capitalized term "Plan" refers to any of the various IT plans, including Technical Contingency Plan Documents, Continuity of Operations Plans, and any equivalent planning documents.
POA&M: Plan of Actions and Milestones
POC: Point of Contact
PMO: Program Management Office
SA&A: Security Assessment and Authorization
SOP: Standard Operating Procedure
Scenario: A sequential, narrative account of a hypothetical incident that provides the catalyst for the exercise and is intended to introduce situations that will inspire responses and thus allow demonstration of the exercise objectives.
SP: Special Publication
SRM: Security Risk Management
Tabletop Exercise: A discussion-based exercise where personnel with roles and responsibilities in a particular IT plan meet in a classroom setting or in breakout groups to validate the content of the plan by discussing their roles during an emergency and their responses to a particular emergency situation. A facilitator initiates the discussion by presenting a scenario and asking questions based on the scenario.
Test: In the context of DR, a test is the method used to evaluate the organization's readiness and ability to recover a system from varying degrees of non-functioning to its original functional state by following authorized ISCP/DR keystroke procedures.
TFIMS: Treasury FISMA Inventory Management System
TSCC: Tool Suite Command Center
TT&E: Test, Training, and Exercise
TT&E Event: An event used to support the maintenance of an IT plan by allowing organizations to identify problems related to an IS plan and implement solutions before an adverse situation occurs.

≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡