Florida Administrative Code (Last Updated: November 11, 2024) |
74. Agency for State Technology |
D74. Departmental |
74-2. Information Technology Security |
The recover function of the FCS is visually represented as such:
Function | Category | Subcategory
Recover (RC) | Recovery Planning (RP) | RC.RP-1: Execute recovery plan during or after a cybersecurity incident
Recover (RC) | Improvements (IM) | RC.IM-1: Incorporate lessons learned in recovery plans
Recover (RC) | Improvements (IM) | RC.IM-2: Periodically update recovery strategies
Recover (RC) | Communications (CO) | RC.CO-1: Manage public relations
Recover (RC) | Communications (CO) | RC.CO-2: Repair reputation after an event
Recover (RC) | Communications (CO) | RC.CO-3: Communicate recovery activities to internal stakeholders and executive and management teams
(1) Recovery Planning. Each agency shall execute and maintain recovery processes and procedures to ensure restoration of systems or assets affected by cybersecurity incidents. Each agency shall:
(a) Execute a recovery plan during or after an incident (RC.RP-1).
(b) Mirror data and software, essential to the continued operation of critical agency functions, to an off-site location or regularly back up a current copy and store at an off-site location.
(c) Develop procedures to prevent loss of data, and ensure that agency data, including unique copies, are backed up.
(d) Document disaster recovery plans that address protection of critical IT resources and provide for the continuation of critical agency functions in the event of a disaster. Plans shall address shared resource systems, which require special consideration, when interdependencies may affect continuity of critical agency functions.
(e) IT disaster recovery plans shall be tested at least annually; results of the annual exercise shall document plan procedures that were successful and specify any modifications required to improve the plan.
(2) Improvements. Each agency shall improve recovery planning and processes by incorporating lessons learned into future activities. Such activities shall include:
(a) Incorporating lessons learned in recovery plans (RC.IM-1).
(b) Updating recovery strategies (RC.IM-2).
(3) Communications. Each agency shall coordinate restoration activities with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors. Such activities shall include:
(a) Managing public relations (RC.CO-1).
(b) Attempts to repair reputation after an event, if applicable (RC.CO-2).
(c) Communicating recovery activities to stakeholders, internal and external where appropriate (RC.CO-3).
Rulemaking Authority 282.318(5) FS. Law Implemented 282.318(3) FS. History‒New 3-10-16, Amended 1-2-19.