CP-9: System Backup

Statement

• a.

  Conduct backups of user-level information contained in system components frequency ;

• b.

  Conduct backups of system-level information contained in the system frequency ;

• c.

  Conduct backups of system documentation, including security- and privacy-related documentation frequency ; and

• d.

  Protect the confidentiality, integrity, and availability of backup information.

• • Requirement:

    The service provider shall determine what elements of the cloud environment require the Information System Backup control. The service provider shall determine how Information System Backup is going to be verified and appropriate periodicity of the check.

  • (a) Requirement:

    The service provider maintains at least three backup copies of user-level information (at least one of which is available online) or provides an equivalent alternative.

  • (b) Requirement:

    The service provider maintains at least three backup copies of system-level information (at least one of which is available online) or provides an equivalent alternative.

  • (c) Requirement:

    The service provider maintains at least three backup copies of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative.