| SPR-99 |
The [spacecraft] shall recover from cyber-safe mode to mission operations within 20 minutes.{SV-MA-5}{CP-2(3),CP-2(5),IR-4,SA-8(24)}
|
Once the threat has been addressed, the system should be capable of recovering from the minimal survival mode to a mission-ready state within defined timelines. The intent is to define the timelines and the capability to return to mission operations.
|
| SPR-146 |
The [spacecraft] shall provide at least one independent command for each operator-initiated action used to shut down a function leading to or reducing the control of a hazard.{SV-MA-5,SV-MA-3}{SI-10(5)}
|
Independent shutdown commands ensure operators retain control during anomalous conditions. Redundant control paths reduce systemic failure risk. This supports safe recovery from hazardous states. Separation enhances mission survivability.
|
| SPR-258 |
The [organization] shall test the contingency plan, with special consideration for space operations, to determine the effectiveness of the plan and readiness to execute the plan.{SV-MA-5}{CP-4}
|
Contingency plans must be validated under realistic mission conditions. Testing confirms feasibility during communication latency or constrained power states. Exercises reveal gaps in readiness. Preparedness reduces recovery time during incidents.
|
| SPR-259 |
The [organization] shall develop an incident response and forensics plan that covers the spacecraft.{SV-MA-5}{CP-2,IR-1,IR-3,IR-3(2),IR-4(12),IR-4(13),IR-8,SA-15(10),SI-4(24)}
|
A structured response plan enables coordinated containment and recovery. Forensics planning ensures evidence preservation. Defined procedures reduce confusion during crisis. Incident readiness enhances resilience.
|
| SPR-260 |
The [organization] shall test the incident response capabilities of the spacecraft to determine the effectiveness of the plan and readiness to execute the plan.{SV-MA-5}{IR-3}
|
Practical exercises validate plan effectiveness. Testing ensures spacecraft systems can support containment, telemetry capture, and recovery actions. Simulation reduces uncertainty during real events. Readiness must be demonstrated, not assumed.
|
| SPR-261 |
The [organization] shall coordinate testing of the incident response plan with organizational elements responsible for related plans.{SV-MA-5}{IR-3(2)}
|
Cyber incidents span mission, enterprise, and supplier boundaries. Coordinated exercises ensure interoperability and shared understanding. Integrated testing reduces response friction. Cross-organizational alignment improves containment.
|
| SPR-341 |
The [organization] shall coordinate contingency plan development, and testing of the plan, with organizational elements responsible for related plans.{SV-MA-5}{CP-2(1),CP-4(1)}
|
Integrated contingency planning ensures no isolated failure points. Coordination with related plans improves operational continuity. Structured collaboration strengthens recovery effectiveness. Unified preparation reduces confusion during crisis.
|
| SPR-342 |
The [organization] shall test the plan for the transfer of essential functions to alternate processing sites for both the ground and space segment assets to familiarize personnel with the process and to evaluate the ability of the site to continue those functions.{SV-MA-5}{CP-4(2)}
|
Transfer testing validates ability to sustain operations during disruption. Ground and space segment continuity must be demonstrated. Exercises expose integration gaps. Preparedness supports mission survivability.
|
| SPR-349 |
The [organization] shall establish and maintain a comprehensive program for testing, training, and monitoring to ensure the effectiveness of security controls and incident response capabilities.{SV-DCO-1,SV-MA-5}{PM-14}
|
Integrated programs ensure controls remain effective. Continuous validation supports adaptive security posture. Combined testing and training reduce complacency. Holistic oversight strengthens mission readiness.
|
| SPR-358 |
The [organization] shall plan for the transfer of essential ground-segment functions to alternate processing/storage site(s) (e.g., secondary ground terminal) with minimal or no loss of operational continuity until the primary ground terminal is fully restored (if the architecture supports it).{SV-MA-5}{CP-2(6)}
|
Redundant ground infrastructure enhances availability. Preplanning reduces disruption during outage. Distributed architecture strengthens resilience. Continuity planning supports mission assurance.
|
| SPR-359 |
The [organization] shall plan for the transfer of essential space-segment functions to alternate processing platforms (e.g., proliferated/distributed constellations) with minimal or no loss of operational continuity until the primary node is fully restored (if the architecture supports it).{SV-MA-5}{CP-2(6)}
|
Proliferated or distributed space assets reduce single-node risk. Functional transfer ensures mission continuity. Planning anticipates hostile or environmental disruptions. Resilient architectures improve survivability.
|
| SPR-360 |
The [organization] shall coordinate contingency plan development and associated activities with external service providers to ensure that contingency requirements can be satisfied.{SV-MA-5}{CP-2(7)}
|
External dependencies must align with mission continuity plans. Coordination reduces contractual gaps. Shared understanding strengthens recovery capability. Integrated planning supports operational resilience.
|
| SPR-369 |
The [organization] shall develop and document program-specific contingency planning policies to cover the development environment as well as the spacecraft.{SV-MA-5}{CP-1}
|
Formal contingency governance ensures lifecycle coverage. Development and operational environments both require resilience planning. Documentation supports coordinated response. Policy-backed preparation strengthens continuity.
|
| SPR-371 |
The [organization] shall develop, document, and implement an incident response policy specifically tailored for its space operations that outlines procedures for detecting, reporting, responding to, and recovering from security incidents affecting the spacecraft.{SV-MA-5,SV-DCO-1}{IR-1}
|
Space-specific IR procedures account for latency and limited intervention. Tailored guidance ensures effective containment. Structured recovery planning reduces mission impact. Specialized policies enhance readiness.
|
| SPR-426 |
The [organization] shall designate a supply chain coordinator as part of the incident handling process to facilitate communication and coordination between incident response teams and relevant stakeholders, including suppliers, vendors, and other entities within the supply chain.{SV-SP-4,SV-MA-5}{IR-4(10)}
|
Central coordination improves communication during incidents. Defined liaison strengthens supplier engagement. Structured oversight reduces fragmented response. Supply chain integration supports resilience.
|
| SPR-461 |
The [spacecraft] shall fail over mission critical processing to a redundant onboard compute element while maintaining authentication, authorization, and cryptographic protections.{SV-MA-5}{CP-2(6),CP-10}
|
Redundant compute without preserved security controls introduces new risk. Failover must maintain authentication and cryptographic state. Secure redundancy prevents availability from undermining integrity. Resilience must not weaken protection.
|
| SPR-474 |
The [organization] shall incorporate space cyber threat scenarios and mitigations into mission rehearsals and anomaly response training.{SV-MA-5,SV-AV-5}{PM-16,IR-2}
|
Realistic exercises validate preparedness. Embedding cyber threats in rehearsals strengthens operational readiness. Scenario-based training reduces reaction latency. Prepared teams enhance resilience.
|
| SPR-493 |
The [spacecraft] shall ensure that security-critical functions, including cryptographic processing, key storage, secure boot, and audit logging, continue under single-component failure by providing redundancy, graceful degradation, or verified fallback modes.{SV-MA-5}{SI-13,SC-24}
|
Single-point failure in security undermines mission assurance. Redundancy ensures continued enforcement. Graceful degradation maintains CIA protections. Fault tolerance supports resilience.
|
| SPR-495 |
The [spacecraft] shall detect impending failure of security components and initiate controlled failover to preserve confidentiality, integrity, and availability.{SV-MA-5,SV-DCO-1}{SI-4,SI-13,CP-10}
|
Early detection prevents cascading compromise. Controlled switchover maintains CIA properties. Structured alerting enhances situational awareness. Fault handling preserves assurance.
|
| SPR-496 |
The [spacecraft] shall provide standby instances for [organization]-defined high-criticality security components and automatically switch to the standby upon failure detection, generating an immediate alert that includes the component identity, time, and fault reason.{SV-MA-5}{SI-13(4),CP-10,AU-5}
|
Automatic failover reduces human delay. Immediate alerts support oversight. Identity and fault logging strengthen accountability. Resilient architecture supports mission continuity.
|
| SPR-511 |
The [organization] shall quarantine anti-counterfeit anomalies, block integration until disposition, open an incident record, notify SCRM lead/AO, and require supplier corrective action/lot containment as applicable.{SV-SP-4,SV-MA-5}{SR-11(3),IR-6}
|
Immediate quarantine prevents contaminated integration. Formal incident tracking ensures accountability. Supplier corrective actions reduce recurrence risk. Structured containment strengthens resilience.
|