N
|
controlCP-9

System Backup (CP-9)

Conduct backups of user-level information contained in [organization-defined] [organization-defined]; Conduct backups of system-level information contained in the system [organization-defined]; Conduct backups of system documentation, including security- and privacy-related documentation [organization-defined] ; and Protect the confidentiality, integrity, and availability of backup information.

Security Baselines

LOWMODERATEHIGH
contingencydisaster-recoverybusiness-continuity

Why These Connect

Baselined In3

This control is included in the linked security baseline (LOW, MODERATE, or HIGH).

Supports32

These related controls work together — a change to one may affect the others.

Mitigates2

This control helps defend against or reduce the risk of the linked threat technique.

Enhances8

These enhancements add specific capabilities or refinements to the base control.

Related Controls(20)

AC-5Separation of Duties (AC-5)
MH
CM-2Baseline Configuration (CM-2)
LMH
CM-6Configuration Settings (CM-6)
LMH
CM-8System Component Inventory (CM-8)
LMH
CP-2Contingency Plan (CP-2)
LMH
CP-4Contingency Plan Testing (CP-4)
LMH
CP-6Alternate Storage Site (CP-6)
MH
CP-7Alternate Processing Site (CP-7)
MH
CP-10System Recovery and Reconstitution (CP-10)
LMH
MP-4Media Storage (MP-4)
MH
MP-5Media Transport (MP-5)
MH
SC-8Transmission Confidentiality and Integrity (SC-8)
MH
SC-12Cryptographic Key Establishment and Management (SC-12)
LMH
SC-13Cryptographic Protection (SC-13)
LMH
SI-4System Monitoring (SI-4)
LMH
SI-13Predictable Failure Prevention (SI-13)MP-2Media Access (MP-2)
LMH
MP-3Media Marking (MP-3)
MH
SA-24Design For Cyber Resiliency (SA-24)SC-28Protection of Information at Rest (SC-28)
MH

Threat Coverage(2 ATT&CK techniques)

T1486Data Encrypted for ImpactT1485Data Destruction

Control Enhancements(8)

CP-9(1)Testing for Reliability and Integrity (CP-9(1))
MH
CP-9(2)Test Restoration Using Sampling (CP-9(2))
H
CP-9(3)Separate Storage for Critical Information (CP-9(3))
H
CP-9(4)Protection from Unauthorized Modification (CP-9(4))W
CP-9(5)Transfer to Alternate Storage Site (CP-9(5))
H
CP-9(6)Redundant Secondary System (CP-9(6))
CP-9(7)Dual Authorization for Deletion or Destruction (CP-9(7))
CP-9(8)Cryptographic Protection (CP-9(8))
MH

See Also

@SP 800-53 OverviewCompare Baselines