Skip to main content

💼 PR.DS-11: Backups of data are created, protected, maintained, and tested

  • Contextual name: 💼 PR.DS-11: Backups of data are created, protected, maintained, and tested
  • ID: /frameworks/nist-csf-v2.0/pr-ds/11
  • Located in: 💼 Data Security (PR.DS)

Description

  1. Continuously back up critical data in near-real-time, and back up other data frequently at agreed-upon schedules
  2. Test backups and restores for all types of data sources at least annually
  3. Securely store some backups offline and offsite so that an incident or disaster will not damage them
  4. Enforce geographic separation and geolocation restrictions for data backup storage

Similar

  • Sections
    • /frameworks/nist-csf-v1.1/pr-ip/04
    • /frameworks/nist-sp-800-53-r5/cp/06
    • /frameworks/nist-sp-800-53-r5/cp/09

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST CSF v1.1 → 💼 PR.IP-4: Backups of information are conducted, maintained, and tested47
💼 NIST SP 800-53 Revision 5 → 💼 CP-6 Alternate Storage Site35
💼 NIST SP 800-53 Revision 5 → 💼 CP-9 System Backup84

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags

Policies (9)

PolicyLogic CountFlags
📝 AWS CloudTrail Log File Validation is not enabled 🟢1🟢 x6
📝 AWS DynamoDB Table Point In Time Recovery is not enabled 🟢1🟢 x6
📝 AWS S3 Bucket Lifecycle Configuration is not enabled 🟢1🟢 x6
📝 AWS S3 Bucket Versioning is not enabled 🟢1🟢 x6
📝 Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON 🟢1🟢 x6
📝 Azure Storage Blob Containers Soft Delete is not enabled 🟢1🟢 x6
📝 Google Cloud SQL Instance Automated Backups are not configured 🟢1🟢 x6
📝 Google Logging Log Sink exports logs to a Storage Bucket without Bucket Lock 🟢1🟢 x6
📝 Google Logging Log Sink for All Log Entries is not configured 🟢1🟢 x6