Navigate

CCI-002850

CCI-002850 Definition

Store backup copies of organization-defined critical system software and other security-related information in a separate facility or in a fire-rated container that is not collocated with the operational system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed stores backup copies of critical information system software and other security-related information defined in CP-9 (3), CCI 2849 in a separate facility or in a fire-rated container that is not collocated with the operational system. The organization must maintain a record of where software is stored.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the record of where software is stored to ensure the organization being inspected/assessed stores backup copies of critical information system software and other security-related information defined in CP-9 (3), CCI 2849 in a separate facility or in a fire-rated container that is not collocated with the operational system.

Compelling Evidence

1.) List of critical information system software which backup copies must be stored in a separate facility or in a fire-rated container

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002850.

Control	Description
CP-9(3)	The organization stores backup copies of [organization-defined critical information system software and other security-related information] in a separate facility or in a fire-rated container that is not collocated with the operational system.