Skip to main content

💼 PR.DS-11: Backups of data are created, protected, maintained, and tested

  • ID: /frameworks/nist-csf-v2.0/pr-ds/11

Description

  1. Continuously back up critical data in near-real-time, and back up other data frequently at agreed-upon schedules
  2. Test backups and restores for all types of data sources at least annually
  3. Securely store some backups offline and offsite so that an incident or disaster will not damage them
  4. Enforce geographic separation and geolocation restrictions for data backup storage

Similar

  • Sections
    • /frameworks/nist-csf-v1.1/pr-ip/04
    • /frameworks/nist-sp-800-53-r5/cp/06
    • /frameworks/nist-sp-800-53-r5/cp/09

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST CSF v1.1 → 💼 PR.IP-4: Backups of information are conducted, maintained, and tested48no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-6 Alternate Storage Site319no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-9 System Backup811no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (15)

PolicyLogic CountFlagsCompliance
🛡️ AWS CloudTrail Log File Validation is not enabled🟢1🟢 x6no data
🛡️ AWS DynamoDB Table does not have on-demand backups in the past 90 days🟢1🟢 x6no data
🛡️ AWS DynamoDB Table Point In Time Recovery is not enabled🟢1🟢 x6no data
🛡️ AWS ElastiCache Redis Cluster automatic backups are not enabled🟢1🟢 x6no data
🛡️ AWS RDS Instance automated backups are not enabled🟢1🟢 x6no data
🛡️ AWS Redshift Cluster automatic major version upgrade is not enabled🟢1🟢 x6no data
🛡️ AWS Redshift Cluster Automated Snapshot Retention Period is not set🟢1🟢 x6no data
🛡️ AWS S3 Bucket Lifecycle Configuration is not enabled🟢1🟢 x6no data
🛡️ AWS S3 Bucket Versioning is not enabled🟢1🟢 x6no data
🛡️ Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure Storage Blob Containers Soft Delete is not enabled🟢1🟢 x6no data
🛡️ Google Cloud SQL Instance Automated Backups are not configured🟢1🟢 x6no data
🛡️ Google Logging Log Sink exports logs to a Storage Bucket without Bucket Lock🟢1🟢 x6no data
🛡️ Google Logging Log Sink for All Log Entries is not configured🟢1🟢 x6no data
🛡️ Google Storage Bucket with Log Sink does not have Versioning🟢1🟢 x6no data