πΌ CP-9 System Backup (L)(M)(H)
- Contextual name: πΌ CP-9 System Backup (L)(M)(H)
- ID:
/frameworks/fedramp-high-security-controls/cp/09 - Located in: πΌ Contingency Planning
Descriptionβ
a. Conduct backups of user-level information contained in [Assignment: organization-defined system components][FedRAMP Assignment: daily incremental; weekly full];
b. Conduct backups of system-level information contained in the system [FedRAMP Assignment: daily incremental; weekly full];
c. Conduct backups of system documentation, including security- and privacy-related documentation [FedRAMP Assignment: daily incremental; weekly full]; and
d. Protect the confidentiality, integrity, and availability of backup information.
CP-9 Additional FedRAMP Requirements and Guidance:
Requirement: The service provider shall determine what elements of the cloud environment require the Information System Backup control. The service provider shall determine how Information System Backup is going to be verified and appropriate periodicity of the check.
(a) Requirement: The service provider maintains at least three (3) backup copies of user-level information (at least one of which is available online) or provides an equivalent alternative.
(b) Requirement: The service provider maintains at least three (3) backup copies of system-level information (at least one of which is available online) or provides an equivalent alternative.
(c) Requirement: The service provider maintains at least three (3) backup copies of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative.
Similarβ
- Sections
/frameworks/nist-sp-800-53-r5/cp/09
- Internal
- ID:
dec-c-bf2e90c5
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST SP 800-53 Revision 5 β πΌ CP-9 System Backup | 8 | 1 |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP Low Security Controls β πΌ CP-9 System Backup (L)(M)(H) | 6 | |||
| πΌ FedRAMP Moderate Security Controls β πΌ CP-9 System Backup (L)(M)(H) | 2 | 6 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ CP-9(1) Testing for Reliability and Integrity (M)(H) | ||||
| πΌ CP-9(2) Test Restoration Using Sampling (H) | ||||
| πΌ CP-9(3) Separate Storage for Critical Information (H) | ||||
| πΌ CP-9(5) Transfer to Alternate Storage Site (H) | ||||
| πΌ CP-9(8) Cryptographic Protection (M)(H) |
Policies (6)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS Account Multi-Region CloudTrail is not enabled π’ | 1 | π’ x6 |
| π AWS CloudTrail Log File Validation is not enabled π’ | 1 | π’ x6 |
| π AWS S3 Bucket Lifecycle Configuration is not enabled π’ | 1 | π’ x6 |
| π AWS S3 Bucket Versioning is not enabled π’ | 1 | π’ x6 |
| π Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON π’ | 1 | π’ x6 |
| π Azure Storage Blob Containers Soft Delete is not enabled π’ | 1 | π’ x6 |
Internal Rulesβ
| Rule | Policies | Flags |
|---|---|---|
| βοΈ dec-x-2a9e5255 | 1 | |
| βοΈ dec-x-850beea8 | 1 | |
| βοΈ dec-x-a8281d05 | 1 | |
| βοΈ dec-x-b1e1a494 | 1 | |
| βοΈ dec-z-3f480eb5 | 1 |