πΌ PR.DS-11: Backups of data are created, protected, maintained, and tested
- Contextual name: πΌ PR.DS-11: Backups of data are created, protected, maintained, and tested
- ID:
/frameworks/nist-csf-v2.0/pr-ds/11 - Located in: πΌ Data Security (PR.DS)
Descriptionβ
- Continuously back up critical data in near-real-time, and back up other data frequently at agreed-upon schedules
- Test backups and restores for all types of data sources at least annually
- Securely store some backups offline and offsite so that an incident or disaster will not damage them
- Enforce geographic separation and geolocation restrictions for data backup storage
Similarβ
- Sections
/frameworks/nist-csf-v1.1/pr-ip/04/frameworks/nist-sp-800-53-r5/cp/06/frameworks/nist-sp-800-53-r5/cp/09
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ PR.IP-4: Backups of information are conducted, maintained, and tested | 4 | 7 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ CP-6 Alternate Storage Site | 3 | 4 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ CP-9 System Backup | 8 | 4 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (9)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS CloudTrail Log File Validation is not enabled π’ | 1 | π’ x6 |
| π AWS DynamoDB Table Point In Time Recovery is not enabled π’ | 1 | π’ x6 |
| π AWS S3 Bucket Lifecycle Configuration is not enabled π’ | 1 | π’ x6 |
| π AWS S3 Bucket Versioning is not enabled π’ | 1 | π’ x6 |
| π Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON π’ | 1 | π’ x6 |
| π Azure Storage Blob Containers Soft Delete is not enabled π’ | 1 | π’ x6 |
| π Google Cloud SQL Instance Automated Backups are not configured π’ | 1 | π’ x6 |
| π Google Logging Log Sink exports logs to a Storage Bucket without Bucket Lock π’ | 1 | π’ x6 |
| π Google Logging Log Sink for All Log Entries is not configured π’ | 1 | π’ x6 |