Disaster Recovery Introduction
This chapter presents a general overview of CMS practices, services, and guidance for Disaster Recovery (DR), which should be implemented in accordance with appropriate security and CMS Continuity of Operations (COOP) requirements. CMS Emergency Preparedness and Response Operations (EPRO) manages all CMS COOP planning, including the assignment of CMS Mission Essential Functions (MEF), which influence DR parameters. This includes formulating guidance and establishing common objectives for CMS and its components to develop a viable, enterprise-wide state of resilience for DR and COOP capability.
The primary focus of this chapter is DR as it relates to IT operations covering the following:
- Hardware – Networks, servers, desktop and laptop computers, wireless devices and peripherals, etc.
- Cloud configurations – Compute, data, virtual networks, load balancers, etc.
- Connectivity to service provider – Fiber, cable, wireless, etc.
- Software applications – Electronic data interchange, electronic mail, enterprise resource management, office productivity, etc.
- Data and restoration – Backup and recovery
- Environment – Secure computer room with climate control, conditioned, and backup power supply, etc.
Reference Documents
This chapter is not all-inclusive. It complements and incorporates existing policies, standards, and procedures for CMS, HHS, DHS, and OMB, thereby offering an architectural view of the standards. Where there are conflicts, the following standards, and any successor documents, will take precedence:
COOP and DR:
- CMS Continuity of Operations (COOP) Plan, Version 2.3, March 16, 2022
- Contingency Planning Guide for Federal Information Systems, NIST SP 800-34 Rev. 1
- OMB Memorandum M-19-03, Strengthening the Cybersecurity of Federal Agencies by Enhancing the High Value Asset Program, December 10, 2018
- U.S. Department of Homeland Security, Federal Continuity Directive 1, January 17, 2017
Other related guidance:
- CMS Information Security and Privacy Overview
- CMS Acceptable Risk Safeguards (ARS)
- CMS TRA Security Services Introduction
- CMS Business Partners System Security Manual, Transmittal 11, CMS Pub 100-17, 9/30/2011
- CMS System Security Plan Procedure, Version 1.1, CMS, August 31, 2010
- Risk Management Handbook Chapter 14: Risk Assessment (RA), April 13, 2021
- CMS Risk Management Handbook (RMH), Volume III, Standard 3.1: CMS Authentication Standards, v1.3, April 17, 2014
- CMS Risk Management Handbook (RMH), Chapter 6: Contingency Planning (CP), May 25, 2021
- FIPS PUB 201-3, Federal Identity Verification (PIV) of Federal Employees and Contractors, January 2022