10.4: Protect Backups
Ensure that backups are properly protected via physical security or encryption when they are stored, as well as when they are moved across the network. This includes remote backups and cloud services.
| Asset Type | Security Function | Implementation Groups |
|---|---|---|
| Data | Protect | 1, 2, 3 |
Dependencies
Sub-control 1.4: Maintain Detailed Asset Inventory
Sub-control 1.5: Maintain Asset Inventory Information
Sub-control 5.1: Establish Secure Configurations
Inputs
1. The list of endpoints configured for periodic backup, derived from the endpoint inventory (see sub-control 1.4)
2. The organization’s backup configuration policy
Assumptions
Backup software (either OS or third-party) is installed and appropriately configured on endpoints identified in Input 1
Operations
1. Interrogate the organization’s backup configuration policy to determine if backups are configured to be encrypted
2. For each endpoint, examine its backup configuration policy to ensure that encrypted backups are configured, noting appropriately and inappropriately configured endpoints along the way
Measures
M1 = List of endpoints
M2 = Count of M1
M3 = List of appropriately configured endpoints
M4 = Count of M3
M5 = List of inappropriately configured endpoints
M6 = Count of M5
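
The Operations and Measures above, worked through as an added example (not part of the CIS specification): it checks the policy, classifies each inventoried endpoint, and returns M1 through M6 with the reason each endpoint failed. The setting names `require_encryption`, `encrypt_at_rest` and `encrypt_in_transit`, the hostnames, and the rule that an endpoint with no retrievable configuration counts as inappropriately configured are assumptions.

```python
# Hypothetical setting names; map them to whatever your backup software exposes.
REQUIRED_SETTINGS = ("encrypt_at_rest", "encrypt_in_transit")


def assess(inventory, configs, policy):
    """Run Operations 1-2 and return Measures M1-M6 plus per-endpoint findings."""
    m1 = sorted(set(inventory))  # M1: endpoints configured for periodic backup
    m3, m5, findings = [], [], {}
    for host in m1:
        cfg = configs.get(host)
        if cfg is None:
            # Assumption: an endpoint with no retrievable config fails the check.
            problems = ["no backup configuration found"]
        else:
            # Only an explicit boolean True passes; "yes", 1 or a missing key do not.
            problems = [f"{name} not enabled" for name in REQUIRED_SETTINGS
                        if cfg.get(name) is not True]
        if problems:
            m5.append(host)
            findings[host] = problems
        else:
            m3.append(host)
    return {
        "policy_requires_encryption": policy.get("require_encryption") is True,
        "M1": m1, "M2": len(m1),
        "M3": m3, "M4": len(m3),
        "M5": m5, "M6": len(m5),
        "findings": findings,
    }


# Constructed sample data (not from the CIS page).
POLICY = {"require_encryption": True}
INVENTORY = ["fs01", "db01", "ws-114", "ws-207"]
CONFIGS = {
    "fs01": {"encrypt_at_rest": True, "encrypt_in_transit": True},
    "db01": {"encrypt_at_rest": True, "encrypt_in_transit": False},
    "ws-114": {"encrypt_at_rest": "yes", "encrypt_in_transit": True},
    # ws-207 is in the inventory but no backup configuration could be retrieved.
}

if __name__ == "__main__":
    result = assess(INVENTORY, CONFIGS, POLICY)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Because every endpoint in M1 lands in exactly one of M3 or M5, M4 + M6 should always equal M2; a mismatch means the inventory and the assessed set have drifted apart.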
Metrics
Coverage
| Metric | What percentage of backups are protected via physical security/encryption? |
|---|---|
| Calculation | |