💼 CP-9 System Backup
- ID:
/frameworks/nist-sp-800-53-r5/cp/09
Description
a. Conduct backups of user-level information contained in [Assignment: organization-defined system components] [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives];
b. Conduct backups of system-level information contained in the system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives];
c. Conduct backups of system documentation, including security- and privacy-related documentation [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; and
d. Protect the confidentiality, integrity, and availability of backup information.
Similar
- Sections
/frameworks/aws-fsbp-v1.0.0/dynamodb/02/frameworks/aws-fsbp-v1.0.0/efs/02/frameworks/aws-fsbp-v1.0.0/elasticache/01/frameworks/aws-fsbp-v1.0.0/fsx/02/frameworks/aws-fsbp-v1.0.0/rds/11/frameworks/aws-fsbp-v1.0.0/rds/14/frameworks/aws-fsbp-v1.0.0/redshift/03/frameworks/aws-fsbp-v1.0.0/redshift/06/frameworks/aws-fsbp-v1.0.0/s3/13
- Internal
- ID:
dec-c-e8e4c9c8
- ID:
Similar Sections (Take Policies From)
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 CP-9 System Backup (L)(M)(H) | 5 | 4 | 10 | no data | |
| 💼 FedRAMP Low Security Controls → 💼 CP-9 System Backup (L)(M)(H) | 9 | no data | |||
| 💼 NIST CSF v2.0 → 💼 PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected | 148 | no data | |||
| 💼 NIST CSF v2.0 → 💼 PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected | 142 | no data | |||
| 💼 NIST CSF v2.0 → 💼 PR.DS-11: Backups of data are created, protected, maintained, and tested | 12 | no data | |||
| 💼 NIST CSF v2.0 → 💼 RC.RP-03: The integrity of backups and other restoration assets is verified before using them for restoration | 6 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CP-9(1) System Backup _ Testing for Reliability and Integrity | no data | ||||
| 💼 CP-9(2) System Backup _ Test Restoration Using Sampling | no data | ||||
| 💼 CP-9(3) System Backup _ Separate Storage for Critical Information | no data | ||||
| 💼 CP-9(4) System Backup _ Protection from Unauthorized Modification | no data | ||||
| 💼 CP-9(5) System Backup _ Transfer to Alternate Storage Site | no data | ||||
| 💼 CP-9(6) System Backup _ Redundant Secondary System | no data | ||||
| 💼 CP-9(7) System Backup _ Dual Authorization for Deletion or Destruction | no data | ||||
| 💼 CP-9(8) System Backup _ Cryptographic Protection | 1 | no data |
Policies (6)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS DynamoDB Table Point In Time Recovery is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS ElastiCache Redis Cluster automatic backups are not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS RDS Instance automated backups are not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS S3 Bucket Lifecycle Configuration is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS S3 Bucket Versioning is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud SQL Instance Automated Backups are not configured🟢 | 1 | 🟢 x6 | no data |