IDEF Knowledge Base |

IDEF Registry
Security
SECURE-10. UPTIME

SECURE-10. UPTIME

Posted In: Authentication, Authorization, Credentialing, Intermediation, Registration
Tagged As: Process, Security, Uptime

Table of Contents: SECURE-10. UPTIME

REQUIREMENTS

Entities that provide and conduct digital identity management functions MUST have established policies and processes in place to maintain their stated assurances for availability of their services.

SUPPLEMENTAL GUIDANCE

At a minimum, service providers should have documented policies and processes to address disaster recovery, continuity of business, and denial of service prevention/recovery. See INTEROP-5 (DOCUMENTED PROCESSES).

REFERENCES

FFIEC-Business Continuity Planning, Retail Payment System Handbook, and Wholesale Payment System Handbook, E-Banking Handbook, https://www.ffiec.gov/; “IT Handbooks”, athttp://ithandbook.ffiec.gov/it-booklets.aspx; ISO 20000-1 (2011) (Part 1: Service management system requirements) and -2 (2012) (Part 2: Guidance on the application of service management systems) 1.6.3.1 & 1.6.3.2, ISO 27002 (2005)- Section 14.1; CSA CCM, https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3-0-1/ , NIST 800-53-4, Continuity Planning, Incident Response; COBIT V5 DSS04 “Manage Continuity”

APPLIES TO ROLES

TBA