CCI-000539

The organization conducts backups of information system documentation, including security-related documentation, per an organization-defined frequency that is consistent with recovery time and recovery point objectives.

Implementation Guidance

The organization being inspected/assessed conducts backups of information system documentation including security-related documentation when created or received, when updated, and as required by system baseline configuration changes in accordance with the contingency plan.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the latest version of the information system documentation including security-related documentation to verify it is the same version as contained in backups.

Compelling Evidence

1.) Signed and dated contingency plan, referencing frequency of backup sections 2.) Sample or audit of backup

The controls below (if any) were marked by NIST as being related to CCI-000539.