Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >SP 800-53
  3. >Contingency Planning
  4. >SP800-53-CP-8(4)
SP800-53-CP-8(4)Active

Provider Contingency Plan

Statement

Require primary and alternate telecommunications service providers to have contingency plans; Review provider contingency plans to ensure that the plans meet organizational contingency requirements; and Obtain evidence of contingency testing and training by providers frequency.

Location

Control Family
Contingency Planning

Control Details

Identifier
SP800-53-CP-8(4)
Family
CP
Parent Control
SP800-53-CP-8

Organisation-Defined Parameters

cp-08.04_odp.01
frequency
cp-08.04_odp.02
frequency

Supplemental Guidance

Reviews of provider contingency plans consider the proprietary nature of such plans. In some situations, a summary of provider contingency plans may be sufficient evidence for organizations to satisfy the review requirement. Telecommunications service providers may also participate in ongoing disaster recovery exercises in coordination with the Department of Homeland Security and state and local governments. Organizations may use these types of activities to satisfy evidentiary requirements related to service provider contingency plan reviews, testing, and training.

Assessment Objective

primary telecommunications service providers are required to have contingency plans; alternate telecommunications service providers are required to have contingency plans; provider contingency plans are reviewed to ensure that the plans meet organizational contingency requirements; evidence of contingency testing by providers is obtained frequency. evidence of contingency training by providers is obtained frequency.

No cross-framework mappings available

← Back to Contingency Planning
Contingency Planning56 controls
SP800-53-CP-1Policy and ProceduresSP800-53-CP-2Contingency PlanSP800-53-CP-2(1)Coordinate with Related PlansSP800-53-CP-2(2)Capacity PlanningSP800-53-CP-2(3)Resume Mission and Business FunctionsSP800-53-CP-2(4)Resume All Mission and Business FunctionsSP800-53-CP-2(5)Continue Mission and Business FunctionsSP800-53-CP-2(6)Alternate Processing and Storage SitesSP800-53-CP-2(7)Coordinate with External Service ProvidersSP800-53-CP-2(8)Identify Critical AssetsSP800-53-CP-3Contingency TrainingSP800-53-CP-3(1)Simulated EventsSP800-53-CP-3(2)Mechanisms Used in Training EnvironmentsSP800-53-CP-4Contingency Plan TestingSP800-53-CP-4(1)Coordinate with Related PlansSP800-53-CP-4(2)Alternate Processing SiteSP800-53-CP-4(3)Automated TestingSP800-53-CP-4(4)Full Recovery and ReconstitutionSP800-53-CP-4(5)Self-challengeSP800-53-CP-5Contingency Plan UpdateSP800-53-CP-6Alternate Storage SiteSP800-53-CP-6(1)Separation from Primary SiteSP800-53-CP-6(2)Recovery Time and Recovery Point ObjectivesSP800-53-CP-6(3)AccessibilitySP800-53-CP-7Alternate Processing SiteSP800-53-CP-7(1)Separation from Primary SiteSP800-53-CP-7(2)AccessibilitySP800-53-CP-7(3)Priority of ServiceSP800-53-CP-7(4)Preparation for UseSP800-53-CP-7(5)Equivalent Information Security SafeguardsSP800-53-CP-7(6)Inability to Return to Primary SiteSP800-53-CP-8Telecommunications ServicesSP800-53-CP-8(1)Priority of Service ProvisionsSP800-53-CP-8(2)Single Points of FailureSP800-53-CP-8(3)Separation of Primary and Alternate ProvidersSP800-53-CP-8(4)Provider Contingency PlanSP800-53-CP-8(5)Alternate Telecommunication Service TestingSP800-53-CP-9System BackupSP800-53-CP-9(1)Testing for Reliability and IntegritySP800-53-CP-9(2)Test Restoration Using SamplingSP800-53-CP-9(3)Separate Storage for Critical InformationSP800-53-CP-9(4)Protection from Unauthorized ModificationSP800-53-CP-9(5)Transfer to Alternate Storage SiteSP800-53-CP-9(6)Redundant Secondary SystemSP800-53-CP-9(7)Dual Authorization for Deletion or DestructionSP800-53-CP-9(8)Cryptographic ProtectionSP800-53-CP-10System Recovery and ReconstitutionSP800-53-CP-10(1)Contingency Plan TestingSP800-53-CP-10(2)Transaction RecoverySP800-53-CP-10(3)Compensating Security ControlsSP800-53-CP-10(4)Restore Within Time PeriodSP800-53-CP-10(5)Failover CapabilitySP800-53-CP-10(6)Component ProtectionSP800-53-CP-11Alternate Communications ProtocolsSP800-53-CP-12Safe ModeSP800-53-CP-13Alternative Security Mechanisms