Abstract
[Superseded by SP 800-34 Revision 1 (May 2010):
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=905266] The Contingency Planning Guide for Information Technology (IT) Systems provides instructions, recommendations, and considerations for government IT contingency planning. Contingency planning refers to interim measures to recover IT services after an emergency or system disruption. Interim measures may include the relocation of IT systems and operations to an alternate site, the recovery of IT functions using alternate equipment, or the performance of IT functions using manual methods. The information presented in this document addresses specific contingency planning recommendations and provides strategies and techniques common to desktops and portable systems, servers, Web sites, local area networks, wide area networks, distributed systems, and mainframe systems.The document also defines the following seven-step contingency process that an agency may apply to develop and maintain a viable contingency planning program for their IT systems. These seven progressive steps develop the contingency planning policy statement, conduct the business impact analysis (BIA), identify preventive controls, develop recovery strategies, develop an IT contingency plan, plan testing/training/exercises, and plan maintenance are designed to be integrated into each stage of the system development life cycle.