Current through Reg. 50, No. 222; November 13, 2024
Section 60GG-2.006 - RecoverThe recover function of the SFCS is visually represented as such:
Function | Category | Subcategory |
Recover (RC) | Recovery Planning (RP) | RC.RP-1: Execute recovery plan during or after a Cybersecurity Incident |
Improvements (IM) | RC.IM-1: Incorporate lessons learned in recovery plans |
RC.IM-2: Periodically update recovery strategies |
Communications (CO) | RC.CO-1: Manage public relations |
RC.CO-2: Repair reputation after an event |
RC.CO-3: Communicate recovery activities to internal Stakeholders and executive and management teams |
(1) Recovery Planning. Each Agency shall execute and maintain recovery processes and procedures to ensure restoration of systems or assets affected by Cybersecurity Incidents. Each Agency shall:(a) Execute a recovery plan during or after an Incident (RC.RP-1).(b) Mirror data and software, essential to the continued operation of critical Agency functions, to an off-site location or regularly back up a current copy and store at an off-site location.(c) Develop procedures to prevent loss of data, and ensure that Agency data, including unique copies, are backed up.(d) Document disaster recovery plans that address protection of critical IT Resources and provide for the continuation of critical Agency functions in the event of a disaster. Plans shall address shared resource systems, which require special consideration, when interdependencies may affect continuity of critical Agency functions.(e) IT disaster recovery plans shall be tested at least annually; results of the annual exercise shall document plan procedures that were successful and specify any modifications required to improve the plan.(2) Improvements. Each Agency shall improve recovery planning and processes by incorporating lessons learned into future activities. Such activities shall include:(a) Incorporating lessons learned in recovery plans (RC.IM-1).(b) Updating recovery strategies (RC.IM-2).(3) Communications. Each agency shall coordinate restoration activities with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors. Such activities shall include:(a) Managing public relations (RC.CO-1).(b) Attempts to repair reputation after an event, if applicable (RC.CO-2).(c) Communicating recovery activities to Stakeholders, internal and external where appropriate (RC.CO-3).Fla. Admin. Code Ann. R. 60GG-2.006
Rulemaking Authority 282.318(11) FS. Law Implemented 282.318(3) FS.
New 3-10-16, Amended 1-2-19, Formerly 74-2.006, Amended by Florida Register Volume 48, Number 174, September 7, 2022 effective 9/18/2022.New 3-10-16, Amended 1-2-19, Formerly 74-2.006, Amended 9-18-22.