Back

Include backup procedures in the Configuration Management policy.


CONTROL ID
01314
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Configuration Management program., CC ID: 00867

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • App 2-1 Item Number IV.4(5): The organization must back up data to minimize the effects of failures. The organization must determine the types of data that must get backed up and the method for and timing of the backups in accordance with business requirements, data processing structure, and data re… (App 2-1 Item Number IV.4(5), App 2-1 Item Number IV.6(4), Appendix 1 Correspondence of the System Management Standards - Supplementary Edition to other standards)
  • To strengthen recovery measures relating to large scale disruptions and to achieve risk diversification, the FI should implement rapid backup and recovery capabilities at the individual system or application cluster level. The FI should consider inter-dependencies between critical systems in drawing… (§ 8.2.3, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • Information, applications and configuration settings are backed up in a secure and proven manner on a regular basis. (P9:, Australian Government Information Security Manual, March 2021)
  • backup all important data and configuration settings. (Security Control: 1555; Revision: 0; Bullet 7, Australian Government Information Security Manual, March 2021)
  • Data, applications and configuration settings are backed up in a secure and proven manner on a regular basis. (P9:, Australian Government Information Security Manual, June 2023)
  • backup all important data and configuration settings. (Control: ISM-1555; Revision: 1; Bullet 7, Australian Government Information Security Manual, June 2023)
  • Data, applications and configuration settings are backed up in a secure and proven manner on a regular basis. (P9:, Australian Government Information Security Manual, September 2023)
  • backup all important data and configuration settings. (Control: ISM-1555; Revision: 1; Bullet 7, Australian Government Information Security Manual, September 2023)
  • The processing of personal data by electronic means will only be allowed if the following minimum security measure is implemented with the technical specifications stated in Annex B of this Code: implementing procedures for safekeeping of backups, restoring data, and system availability. (§ 34.1(f), Italy Personal Data Protection Code)
  • Devices should be able to save back-up configuration settings on another device or server area. (§ 2.3.1 (2.3.1.110), The Center for Internet Security Wireless Networking Benchmark, 1)
  • Configuration settings should be automatically backed up on a regular basis. (§ 1.2 (2.3.1.110), The Center for Internet Security Wireless Networking Benchmark, Cisco Addendum, 1)
  • Configuration settings should be automatically backed up on a regular basis. (§ 1.2 (2.3.1.110), The Center for Internet Security Wireless Networking Benchmark, Linksys Addendum, 1)
  • Policies and procedures for data retention and storage shall be established and backup or redundancy mechanisms implemented to ensure compliance with regulatory requirements, statutory requirements, contractual requirements or business requirements. (DG-04, The Cloud Security Alliance Controls Matrix, Version 1.3)
  • Back-up copies should be maintained of all program libraries. (§ 2-4.f, Army Regulation 380-19: Information Systems Security, February 27, 1998)
  • Backup and recovery procedures are critical to the protection of the system. The Information Assurance Manager should ensure a disaster recovery plan exists. The plan should provide for the resumption of services within a specified time period and should be tested in exercises regularly. The Informa… (§ 2.2.3, Defense Information Systems Agency UNISYS Security Technical Implementation Guide Version 7 Release 2, 28 August 2006)
  • The baseline database should be backed up on write-protected media every time changes are made to any baseline files. This should ensure the original baseline document is available for comparison to the current baseline to prevent a possible data breach. A recovery disk, containing the boot partitio… (§ 2.5.3.1, § 12.4, Defense Information Systems Agency UNIX Security Technical Implementation Guide Version 5 Release 1, Version 5, Release 1)
  • Backups should be created and maintained on a routine basis to allow for the recovery of a damaged or compromised system. (§ 3.10, DISA Windows Server 2003 Security Checklist, Version 6 Release 1.11)
  • The site should maintain back-up procedures so backups are available in the event of an emergency. (§ 3.1 (1.013), DISA Windows VISTA Security Checklist, Version 6 Release 1.11)
  • System backups should be completed on a regular basis and should be stored in a secure offsite location. (§ 3.10, DISA Windows XP Security Checklist, Version 6 Release 1.11)
  • Perform system administration on specialized cyber defense applications and systems (e.g., antivirus, audit and remediation) or Virtual Private Network (VPN) devices, to include installation, configuration, maintenance, backup, and restoration. (T0180, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)