Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >SP 800-53
  3. >Contingency Planning
  4. >SP800-53-CP-10
SP800-53-CP-10Active

System Recovery and Reconstitution

Statement

Provide for the recovery and reconstitution of the system to a known state within time period after a disruption, compromise, or failure.

Location

Control Family
Contingency Planning

Control Details

Identifier
SP800-53-CP-10
Family
CP

Organisation-Defined Parameters

cp-10_odp.01
time period
cp-10_odp.02
time period

Supplemental Guidance

Recovery is executing contingency plan activities to restore organizational mission and business functions. Reconstitution takes place following recovery and includes activities for returning systems to fully operational states. Recovery and reconstitution operations reflect mission and business priorities; recovery point, recovery time, and reconstitution objectives; and organizational metrics consistent with contingency plan requirements. Reconstitution includes the deactivation of interim system capabilities that may have been needed during recovery operations. Reconstitution also includes assessments of fully restored system capabilities, reestablishment of continuous monitoring activities, system reauthorization (if required), and activities to prepare the system and organization for future disruptions, breaches, compromises, or failures. Recovery and reconstitution capabilities can include automated mechanisms and manual procedures. Organizations establish recovery time and recovery point objectives as part of contingency planning.

Assessment Objective

the recovery of the system to a known state is provided within time period after a disruption, compromise, or failure; a reconstitution of the system to a known state is provided within time period after a disruption, compromise, or failure.

ATTACK
ATTACK-T1486relatedvia ctid-attack-to-sp800-53
ATTACK-T1490relatedvia ctid-attack-to-sp800-53
ATTACK-T1491relatedvia ctid-attack-to-sp800-53
ATTACK-T1491.001relatedvia ctid-attack-to-sp800-53
ATTACK-T1491.002relatedvia ctid-attack-to-sp800-53
View in graphReport an issue
← Back to Contingency Planning
Contingency Planning56 controls
SP800-53-CP-1Policy and ProceduresSP800-53-CP-2Contingency PlanSP800-53-CP-2(1)Coordinate with Related PlansSP800-53-CP-2(2)Capacity PlanningSP800-53-CP-2(3)Resume Mission and Business FunctionsSP800-53-CP-2(4)Resume All Mission and Business FunctionsSP800-53-CP-2(5)Continue Mission and Business FunctionsSP800-53-CP-2(6)Alternate Processing and Storage SitesSP800-53-CP-2(7)Coordinate with External Service ProvidersSP800-53-CP-2(8)Identify Critical AssetsSP800-53-CP-3Contingency TrainingSP800-53-CP-3(1)Simulated EventsSP800-53-CP-3(2)Mechanisms Used in Training EnvironmentsSP800-53-CP-4Contingency Plan TestingSP800-53-CP-4(1)Coordinate with Related PlansSP800-53-CP-4(2)Alternate Processing SiteSP800-53-CP-4(3)Automated TestingSP800-53-CP-4(4)Full Recovery and ReconstitutionSP800-53-CP-4(5)Self-challengeSP800-53-CP-5Contingency Plan UpdateSP800-53-CP-6Alternate Storage SiteSP800-53-CP-6(1)Separation from Primary SiteSP800-53-CP-6(2)Recovery Time and Recovery Point ObjectivesSP800-53-CP-6(3)AccessibilitySP800-53-CP-7Alternate Processing SiteSP800-53-CP-7(1)Separation from Primary SiteSP800-53-CP-7(2)AccessibilitySP800-53-CP-7(3)Priority of ServiceSP800-53-CP-7(4)Preparation for UseSP800-53-CP-7(5)Equivalent Information Security SafeguardsSP800-53-CP-7(6)Inability to Return to Primary SiteSP800-53-CP-8Telecommunications ServicesSP800-53-CP-8(1)Priority of Service ProvisionsSP800-53-CP-8(2)Single Points of FailureSP800-53-CP-8(3)Separation of Primary and Alternate ProvidersSP800-53-CP-8(4)Provider Contingency PlanSP800-53-CP-8(5)Alternate Telecommunication Service TestingSP800-53-CP-9System BackupSP800-53-CP-9(1)Testing for Reliability and IntegritySP800-53-CP-9(2)Test Restoration Using SamplingSP800-53-CP-9(3)Separate Storage for Critical InformationSP800-53-CP-9(4)Protection from Unauthorized ModificationSP800-53-CP-9(5)Transfer to Alternate Storage SiteSP800-53-CP-9(6)Redundant Secondary SystemSP800-53-CP-9(7)Dual Authorization for Deletion or DestructionSP800-53-CP-9(8)Cryptographic ProtectionSP800-53-CP-10System Recovery and ReconstitutionSP800-53-CP-10(1)Contingency Plan TestingSP800-53-CP-10(2)Transaction RecoverySP800-53-CP-10(3)Compensating Security ControlsSP800-53-CP-10(4)Restore Within Time PeriodSP800-53-CP-10(5)Failover CapabilitySP800-53-CP-10(6)Component ProtectionSP800-53-CP-11Alternate Communications ProtocolsSP800-53-CP-12Safe ModeSP800-53-CP-13Alternative Security Mechanisms