Overview:
Protect the confidentiality of backup CUI at storage locations.
Action Items:
3.8.9[a]
Determine if: the confidentiality of backup CUI is protected at storage locations.
POTENTIAL ASSESSMENT METHODS AND OBJECTS
1) Examine: Procedures addressing system backup; system configuration settings and associated documentation; security plan; backup storage locations; system backup logs or records; other relevant documents or records.
2) Interview: Personnel with system backup responsibilities; personnel with information security responsibilities.
3) Test: Organizational processes for conducting system backups; mechanisms supporting or implementing system backups.
Related Documents (document name and content will vary by organization):
1) Procedures addressing system backup
2) System configuration settings and associated documentation
3) Security plan
4) Backup storage locations
5) System backup logs or records
6) Other relevant documents or records
Additional Guidance:
Backed-up information containing CUI may include system-level information and user-level information. System-level information includes, for example, system-state information, operating system software and application software, and licenses. User-level information includes information other than system-level information. Organizations can employ cryptographic mechanisms or alternative physical safeguards to protect the confidentiality of backup information at designated storage locations.
Article ID: 177
Created: September 26, 2022
Last Updated: September 26, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/nist-800-171-secure-backups-3-8-9-177.html