Back

Include the backup procedures for information necessary to recover functionality in the recovery plan.


CONTROL ID
13294
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a recovery plan., CC ID: 13288

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • You hold accessible and secured current backups of data and information needed to recover operation of your essential function. (B5.c ¶ 1, NCSC CAF guidance, 3.1)
  • The recovery plan includes plans to come back for both traditional and highly available (e.g., cloud) infrastructure. (RC.RP-1.6, CRI Profile, v1.2)
  • The recovery plan includes plans to come back for both traditional and highly available (e.g., cloud) infrastructure. (RC.RP-1.6, Financial Services Sector Cybersecurity Profile, Version 1.0.0)
  • One or more processes for the backup and storage of information required to recover BES Cyber System functionality. (CIP-009-6 Table R1 Part 1.3 Requirements ¶ 1., North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Recovery Plans for BES Cyber Systems CIP-009-6, Version 6)
  • Business continuity and disaster recovery plans that include maintaining backup and recovery capabilities sufficiently resilient and geographically diverse and that are reasonably designed to achieve next business day resumption of trading and two-hour resumption of critical SCI systems following a … (§242.1001(a)(2)(v), 17 CFR PART 242, Regulations M, SHO, ATS, AC, NMS, and SBSR and Customer Margin Requirements for Security Futures)
  • Backup types (physical or virtual). (App A Objective 6:3e Bullet 1, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Backup levels (full, incremental, or differential). (App A Objective 6:3e Bullet 2, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Commercial cash management. (App A Objective 8:5c Bullet 3, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Core processing. (App A Objective 8:5c Bullet 1, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Data center activities. (App A Objective 8:5c Bullet 6, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Customer identification. (App A Objective 8:5c Bullet 5, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Processes and procedures for the backup and secure storage of information. (§ 6.2.6.2 ICS-specific Recommendations and Guidance ¶ 1 Bullet 4, Guide to Industrial Control Systems (ICS) Security, Revision 2)