Configure Data Backup and Recovery settings in accordance with organizational standards.
CONTROL ID 08406
CONTROL TYPE Configuration
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain system hardening procedures., CC ID: 12001
This Control has the following implementation support Control(s):
Configure the "Retain deleted items for the specified number of days" to organizational standards., CC ID: 08407
Configure the "Do not permanently delete items until the database has been backed up" to organizational standards., CC ID: 08490
Configure the "Keep deleted mailboxes for the specified number of days" to organizational standards., CC ID: 08600
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Consumer IoT devices should remain operating and locally functional in the case of a loss of network access and should recover cleanly in the case of restoration of a loss of power. (Provision 5.9-2, CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements, ETSI EN 303 645, V2.1.1)
The control system shall provide the capability to automate the backup function based on a configurable frequency. (11.5.3.2 ¶ 1, IEC 62443-3-3: Industrial communication networks â Network and system security â Part 3-3: System security requirements and security levels, Edition 1)
Determine whether the BCP includes appropriate hardware back-up and recovery. (TIER I OBJECTIVES AND PROCEDURES BCP - Hardware, Back-up and Recovery Issues Objective 6, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
Automate backup of data. Client/server systems should have software installed that automatically schedules data backups to a central data backup location. Data for backup should be stored at a common directory name (such as \My Documents) to ease in automated backup and to make sure that only pertin… (§ 5.2.1 ¶ 2 Bullet 2, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))