CCI-002849

Defines critical system software and other security-related information, of which backup copies must be stored in a separate facility or in a fire-rated container.

Implementation Guidance

The organization being inspected/assessed defines and documents critical information system software and other security-related information which backup copies must be stored in a separate facility or in a fire-rated container. DoD has determined the critical information system software and other security-related information is not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented critical information system software and other security-related information to ensure the organization being inspected/assessed defines critical information system software and other security-related information which backup copies must be stored in a separate facility or in a fire-rated container. DoD has determined the critical information system software and other security-related information is not appropriate to define at the Enterprise level.

Compelling Evidence

1.) List of critical information system software which backup copies must be stored in a separate facility or in a fire-rated container

The controls below (if any) were marked by NIST as being related to CCI-002849.