Configure Data Backup and Recovery settings in accordance with organizational standards.


CONTROL ID: 08406
CONTROL TYPE: Configuration
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system hardening procedures., CC ID: 12001

This Control has the following implementation support Control(s):
  • Configure the "Retain deleted items for the specified number of days" to organizational standards., CC ID: 08407
  • Configure the "Do not permanently delete items until the database has been backed up" to organizational standards., CC ID: 08490
  • Configure the "Keep deleted mailboxes for the specified number of days" to organizational standards., CC ID: 08600


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Consumer IoT devices should remain operating and locally functional in the case of a loss of network access and should recover cleanly in the case of restoration of a loss of power. (Provision 5.9-2, CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements, ETSI EN 303 645, V2.1.1)
  • The control system shall provide the capability to automate the backup function based on a configurable frequency. (11.5.3.2 ¶ 1, IEC 62443-3-3: Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels, Edition 1)
  • Determine whether the BCP includes appropriate hardware back-up and recovery. (TIER I OBJECTIVES AND PROCEDURES BCP - Hardware, Back-up and Recovery Issues Objective 6, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Automate backup of data. Client/server systems should have software installed that automatically schedules data backups to a central data backup location. Data for backup should be stored at a common directory name (such as \My Documents) to ease in automated backup and to make sure that only pertin… (§ 5.2.1 ¶ 2 Bullet 2, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))