CCI-000539
CCI-000539 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if backups of system documentation, including security- and privacy-related documentation are conducted [CP-09_ODP[04]; frequency at which to conduct backups of system documentation consistent with recovery time and recovery point objectives is defined].
Validation Procedures
Examine: [SELECT FROM: Contingency planning policy; procedures addressing system backup; contingency plan; backup storage location(s); system backup logs or records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system backup responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for conducting system backups; mechanisms supporting and/or implementing system backups].