CP-9 - Information System Backup
Control requirements
The organization:
- CP-9 (a)
- Conducts backups of user-level information contained in the information system [IBM Assignment: daily incremental; weekly full];
- CP-9 (b)
- Conducts backups of system-level information contained in the information system [IBM Assignment: daily incremental; weekly full];
- CP-9 (c)
- Conducts backups of information system documentation including security-related documentation [IBM Assignment: daily incremental; weekly full]; and
- CP-9 (d)
- Protects the confidentiality, integrity, and availability of backup information at storage locations.
Implementation guidance
See the resources that follow to learn more about how to implement this control.
IBM Cloud for Financial Services profile
The rules related to this control that follow are part of the IBM Cloud for Financial Services v1.2.0 profile in IBM Cloud® Security and Compliance Center.
| Requirement ID | Rules |
|---|---|
| CP-9 (b) |
|
| CP-9 (d) |
|
NIST supplemental guidance
System-level information includes, for example, system-state information, operating system and application software, and licenses. User-level information includes any information other than system-level information. Mechanisms employed by organizations to protect the integrity of information system backups include, for example, digital signatures and cryptographic hashes. Protection of system backup information while in transit is beyond the scope of this control. Information system backups reflect the requirements in contingency plans as well as other organizational requirements for backing up information.