Back

Perform backup procedures for in scope systems.


CONTROL ID
11692
CONTROL TYPE
Process or Activity
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Include technical preparation considerations for backup operations in the continuity plan., CC ID: 01250

This Control has the following implementation support Control(s):
  • Back up all records., CC ID: 11974
  • Document the Recovery Point Objective for triggering backup operations and restoration operations., CC ID: 01259
  • Encrypt backup data., CC ID: 00958
  • Log the execution of each backup., CC ID: 00956
  • Test backup media for media integrity and information integrity, as necessary., CC ID: 01401
  • Test each restored system for media integrity and information integrity., CC ID: 01920
  • Digitally sign disk images, as necessary., CC ID: 06814


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Backup and archival (Critical components of information security 1) 2) q. x., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Confidentiality of data under conversion—ensuring that data is backed up before migration for future reference or any emergency that might arise out of the data migration process (Critical components of information security 12) (ii) c., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Backing up firewalls to internal media and not backing up the firewall to servers on protected networks (Critical components of information security 24) vii. a) ¶ 13 Bullet 6, Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • A cloud computing system must ensure backup of all its clients' information. (EMERGING TECHNOLOGIES AND INFORMATION SECURITY 2 ¶ 5, Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Just as with physical servers, virtual systems need to be regularly backed-up for error recovery. (EMERGING TECHNOLOGIES AND INFORMATION SECURITY 1 ¶ 9 h., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • To minimise risks associated with changes, FIs should perform backups of affected systems or applications prior to the change. The FI should establish a rollback plan to revert to a former version of the system or application if a problem is encountered during or after the deployment. The FI should … (§ 7.1.6, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • The FI should perform a backup of the information asset prior to the change implementation, and establish a rollback plan to revert the information asset to the previous state if a problem arises during or after the change implementation. (§ 7.5.5, Technology Risk Management Guidelines, January 2021)
  • Information, applications and configuration settings are backed up in a secure and proven manner on a regular basis. (P9:, Australian Government Information Security Manual)
  • Backups of important information, software and configuration settings are performed at least daily. (Security Control: 1511; Revision: 0, Australian Government Information Security Manual)
  • APRA envisages that a regulated institution would regularly backup critical and sensitive IT assets, regardless of the level of resilience in place. Appropriate controls would be implemented to ensure the security of the backups is maintained while in transit and storage, typically via physical secu… (Attachment B ¶ 12, The AD_offical_Name should be: APRA Prudential Practice Guide 234: Management of security risk in information and information technology, May 2013)
  • § 2.8.14 All information and data critical to the business should be backed up on a regular basis. (§ 2.8.14, Australian Government ICT Security Manual (ACSI 33))
  • Technical and organizational instructions will be issued to ensure data back-ups are conducted at least weekly. When data has been damaged, measures must be implemented to ensure data access is restored within a specific deadline which is not more than 7 days. (Annex B.18, Annex B.23, Italy Personal Data Protection Code)
  • Identifying all locations where account data is stored, processed, and transmitted, including but not limited to: 1) any locations outside of the currently defined CDE, 2) applications that process CHD, 3) transmissions between systems and networks, and 4) file backups. (12.5.2 Bullet 3, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Identifying all locations where account data is stored, processed, and transmitted, including but not limited to: 1) any locations outside of the currently defined CDE, 2) applications that process CHD, 3) transmissions between systems and networks, and 4) file backups. (12.5.2 Bullet 3, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Identifying all locations where account data is stored, processed, and transmitted, including but not limited to: 1) any locations outside of the currently defined CDE, 2) applications that process CHD, 3) transmissions between systems and networks, and 4) file backups. (12.5.2 Bullet 3, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Ensure that each system is automatically backed up on at least a weekly basis, and more often for systems storing sensitive information. To help ensure the ability to rapidly restore a system from backup, the operating system, application software, and data on a machine should each be included in th… (Control 10.1, The CIS Critical Security Controls for Effective Cyber Defense, Version 6.0)
  • Ensure that all system data is automatically backed up on a regular basis. (CIS Control 10: Sub-Control 10.1 Ensure Regular Automated Backups, CIS Controls, 7.1)
  • Ensure that all of the organization's key systems are backed up as a complete system, through processes such as imaging, to enable the quick recovery of an entire system. (CIS Control 10: Sub-Control 10.2 Perform Complete System Backups, CIS Controls, 7.1)
  • The processes and tools used to properly back up critical information with a proven methodology for timely recovery of it. (CIS Control 10: Data Recovery Capabilities, CIS Controls, 7.1)
  • The processes and tools used to properly back up critical information with a proven methodology for timely recovery of it. (CIS Control 10: Data Recovery Capabilities, CIS Controls, V7)
  • Ensure that all system data is automatically backed up on a regular basis. (CIS Control 10: Sub-Control 10.1 Ensure Regular Automated Backups, CIS Controls, V7)
  • Ensure that all of the organization's key systems are backed up as a complete system, through processes such as imaging, to enable the quick recovery of an entire system. (CIS Control 10: Sub-Control 10.2 Perform Complete System Backups, CIS Controls, V7)
  • Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data. (CIS Control 11: Safeguard 11.2 Perform Automated Backups, CIS Controls, V8)
  • Backups of information are conducted, maintained, and tested periodically. (PR.IP-4, CRI Profile, v1.2)
  • Conducts backups of user-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9a., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Conducts backups of system-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9b., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Conducts backups of user-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9a., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Conducts backups of system-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9b., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Conducts backups of user-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9a., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Conducts backups of system-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9b., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Conducts backups of system-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9b., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Conducts backups of user-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9a., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives. (A1.2, Trust Services Criteria)
  • The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data backup processes, and recovery infrastructure to meet its objectives. (A1.2 ¶ 1, Trust Services Criteria, (includes March 2020 updates))
  • Environmental protections, software, data backup processes, and recovery infrastructure are authorized, designed, developed, implemented, operated, approved, maintained, and monitored to meet the entity’s availability commitments and system requirements. (A1.2, TSP 100A - Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy)
  • regularly backing up systems and data as part of a sustainable disaster recovery and business continuity plan; (Information Security Program Bullet 3 Deployment of Protective Measures Against the Identified Threats and Vulnerabilities ¶ 1 Sub-bullet 9, 9070 - NFA Compliance Rules 2-9, 2-36 and 2-49: Information Systems Security Programs)
  • Regularly perform and test data back-ups. (RE.2.137, Cybersecurity Maturity Model Certification, Version 1.0, Level 2)
  • Regularly perform complete, comprehensive, and resilient data back-ups as organizationally defined. (RE.3.139, Cybersecurity Maturity Model Certification, Version 1.0, Level 3)
  • Regularly perform and test data back-ups. (RE.2.137, Cybersecurity Maturity Model Certification, Version 1.0, Level 3)
  • Regularly perform complete, comprehensive, and resilient data back-ups as organizationally defined. (RE.3.139, Cybersecurity Maturity Model Certification, Version 1.0, Level 4)
  • Regularly perform and test data back-ups. (RE.2.137, Cybersecurity Maturity Model Certification, Version 1.0, Level 4)
  • Regularly perform complete, comprehensive, and resilient data back-ups as organizationally defined. (RE.3.139, Cybersecurity Maturity Model Certification, Version 1.0, Level 5)
  • Regularly perform and test data back-ups. (RE.2.137, Cybersecurity Maturity Model Certification, Version 1.0, Level 5)
  • Additionally, all DoD information/data and CSP information/data shared with the Mission Owner must be made available for off-boarding and backup IAW sections 5.8, Data Retrieval and Destruction for Off-boarding from a CSO and 5.12 - Backup. (Section 5.2.3 ¶ 4, Department of Defense Cloud Computing Security Requirements Guide, Version 1, Release 3)
  • Conducts backups of system-level information contained in the information system [FedRAMP Assignment: daily incremental; weekly full]; (CP-9b. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Conducts backups of user-level information contained in the information system [FedRAMP Assignment: daily incremental; weekly full]; (CP-9a. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Conducts backups of user-level information contained in the information system [FedRAMP Assignment: daily incremental; weekly full]; (CP-9a. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Conducts backups of system-level information contained in the information system [FedRAMP Assignment: daily incremental; weekly full]; (CP-9b. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Conducts backups of system-level information contained in the information system [FedRAMP Assignment: daily incremental; weekly full]; (CP-9b. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Conducts backups of user-level information contained in the information system [FedRAMP Assignment: daily incremental; weekly full]; (CP-9a. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The organization must conduct backups of all systems and Federal Tax Information. (§ 5.6.6, IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return Information)
  • Conduct backups of system-level information contained in the system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Conduct backups of user-level information contained in [Assignment: organization-defined system components] [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Conduct backups of user-level information contained in [Assignment: organization-defined system components] [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Conduct backups of system-level information contained in the system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Conduct backups of user-level information contained in [Assignment: organization-defined system components] [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Conduct backups of system-level information contained in the system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Backups of information are conducted, maintained, and tested periodically (PR.IP-4, Framework for Improving Critical Infrastructure Cybersecurity, v1.1)
  • Backups of information are conducted, maintained, and tested periodically. (PR.IP-4, Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0)
  • Organizational records and documents should be examined to ensure the information required to be backed up is identified; the storage location is identified; backups are conducted on a regular basis; and specific responsibilities and actions are defined for the implementation of the information syst… (CP-9, Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A)
  • Conducts backups of user-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9a. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Conducts backups of user-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9a. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Conducts backups of user-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9a. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Conducts backups of system-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9b. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Conducts backups of system-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9b. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Conducts backups of system-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9b. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Perform backup and recovery of databases to ensure data integrity. (T0162, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Prepare digital media for imaging by ensuring data integrity (e.g., write blockers in accordance with standard operating procedures). (T0190, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Backups of information are conducted, maintained, and tested. (PR.PO-P3, NIST Privacy Framework: A Tool For Improving Privacy Through Enterprise Risk Management, Version 1.0)
  • Perform backup and recovery of databases to ensure data integrity. (T0162, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)
  • Prepare digital media for imaging by ensuring data integrity (e.g., write blockers in accordance with standard operating procedures). (T0190, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)
  • The organization conducts backups of user-level information contained in the information system {according to organizationally documented frequency consistent with recovery time objectives}. (CP-9a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of user-level information contained in the information system {organizationally documented recovery point objectives}. (CP-9a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of system-level information contained in the information system {according to organizationally documented frequency consistent with recovery time objectives}. (CP-9b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of system-level information contained in the information system {organizationally documented recovery point objectives}. (CP-9b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of information system documentation including security-related documentation {according to organizationally documented frequency consistent with recovery time objectives}. (CP-9c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of information system documentation including security-related documentation {organizationally documented recovery point objectives}. (CP-9c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of user-level information contained in the information system {according to organizationally documented frequency consistent with recovery time objectives}. (CP-9a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of user-level information contained in the information system {organizationally documented recovery point objectives}. (CP-9a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of system-level information contained in the information system {according to organizationally documented frequency consistent with recovery time objectives}. (CP-9b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of system-level information contained in the information system {organizationally documented recovery point objectives}. (CP-9b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of information system documentation including security-related documentation {according to organizationally documented frequency consistent with recovery time objectives}. (CP-9c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of information system documentation including security-related documentation {organizationally documented recovery point objectives}. (CP-9c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of user-level information contained in the information system {according to organizationally documented frequency consistent with recovery time objectives}. (CP-9a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of user-level information contained in the information system {organizationally documented recovery point objectives}. (CP-9a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of system-level information contained in the information system {according to organizationally documented frequency consistent with recovery time objectives}. (CP-9b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of system-level information contained in the information system {organizationally documented recovery point objectives}. (CP-9b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of information system documentation including security-related documentation {according to organizationally documented frequency consistent with recovery time objectives}. (CP-9c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of information system documentation including security-related documentation {organizationally documented recovery point objectives}. (CP-9c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of user-level information contained in the information system {according to organizationally documented frequency consistent with recovery time objectives}. (CP-9a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of user-level information contained in the information system {organizationally documented recovery point objectives}. (CP-9a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of system-level information contained in the information system {according to organizationally documented frequency consistent with recovery time objectives}. (CP-9b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of system-level information contained in the information system {organizationally documented recovery point objectives}. (CP-9b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of information system documentation including security-related documentation {according to organizationally documented frequency consistent with recovery time objectives}. (CP-9c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization conducts backups of information system documentation including security-related documentation {organizationally documented recovery point objectives}. (CP-9c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • Conducts backups of system-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Conducts backups of user-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Conducts backups of user-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Conducts backups of system-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Conducts backups of user-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Conducts backups of system-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Conducts backups of user-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Conducts backups of system-level information contained in the information system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Conduct backups of user-level information contained in [Assignment: organization-defined system components] [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Conduct backups of system-level information contained in the system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; (CP-9b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Conducts backups of user-level information contained in the information system [TX-RAMP Assignment: daily incremental; weekly full]; (CP-9a., TX-RAMP Security Controls Baseline Level 1)
  • Conducts backups of system-level information contained in the information system [TX-RAMP Assignment: daily incremental; weekly full]; (CP-9b., TX-RAMP Security Controls Baseline Level 1)
  • Conducts backups of user-level information contained in the information system [TX-RAMP Assignment: daily incremental; weekly full]; (CP-9a., TX-RAMP Security Controls Baseline Level 2)
  • Conducts backups of system-level information contained in the information system [TX-RAMP Assignment: daily incremental; weekly full]; (CP-9b., TX-RAMP Security Controls Baseline Level 2)