CMMC Practice RE.5.140: Ensure information processing facilities meet organizationally defined information security continuity, redundancy, and availability requirements.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
This practice requires an organization to do what is needed for its cybersecurity solutions to continue to function under stress or attack. This means that even if a solution that helps protect the environment fails, other mechanisms fill the gap so that the functionality continues. Redundant components can help with this, as can proper planning and implementation. If a firewall fails, make sure another firewall can take its place, or the environment should fail closed, preventing traffic from passing until the problem can be fixed. By having redundancy in place, an organization may continue operations with confidence, knowing that its cybersecurity mission is functioning properly and that the components will continue to operate properly even when failures may be taking place.