This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization uses a sample of backup information in the restoration of selected system functions as part of contingency plan testing.
NIST 800-53 (r4) Supplemental Guidance:
Related controls: CP-4.
NIST 800-53 (r5) Discussion:
Organizations need assurance that system functions can be restored correctly and can support established organizational missions. To ensure that the selected system functions are thoroughly exercised during contingency plan testing, a sample of backup information is retrieved to determine whether the functions are operating as intended. Organizations can determine the sample size for the functions and backup information based on the level of assurance needed.
38North Guidance:
Meets Minimum Requirement:
CP testing must include a sample of the backup information.
Best Practice:
TBD.
Unofficial FedRAMP Guidance: None.
Assessment Evidence:
CP documents that include a schedule for when and how backup testing is conducted for user-level, system-level, and information system security-related documentation.
Provide the records/results of the last CP testing, highlighting the sample backup information used.
Provide proof that failed backups were subsequently completed successfully, including evidence that backups are monitored.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD