Does your organization validate the integrity and completeness of restored systems before returning them to production?
Explanation
Recovery assurance is the concern: whether you validate the integrity and completeness of restored systems before returning them to production. This includes checking that all critical components, data, configurations, and security controls have been properly restored and are operating as expected.
Evidence could include documented restoration validation procedures, pre-production checklists, test results from restored systems, sign-off forms that must be completed before systems return to production, or restoration test logs showing verification steps performed and their outcomes.
Implementation Example
Verify the correctness and adequacy of the restoration actions taken before putting a restored system online
ID: RC.RP-05.355
Context
- Function
- RC: RECOVER
- Category
- RC.RP: Incident Recovery Plan Execution
- Sub-Category
- The integrity of restored assets is verified, systems and services are restored, and normal operating status is confirmed
Related questions
- Has your organization established documented procedures to initiate recovery processes during or immediately following security incident response?
- Have all personnel with recovery responsibilities been formally trained on the recovery plans and their specific authorization levels?
- Has your organization defined criteria for selecting recovery actions during incident response, and are these criteria followed when responding to security incidents?
- Does your organization have a process to reassess and update recovery plans based on changes in organizational needs and available resources?
- Does your organization verify restoration assets for integrity issues and indicators of compromise before using them in recovery operations?
- Does your organization use business impact assessments and system categorization records to prioritize the restoration of essential services during recovery operations?

