CCI-000539

Conduct backups of system documentation, including security-related documentation, per an organization-defined frequency that is consistent with recovery time and recovery point objectives.

Implementation Guidance

Determine if backups of system documentation, including security- and privacy-related documentation are conducted [CP-09_ODP[04]; frequency at which to conduct backups of system documentation consistent with recovery time and recovery point objectives is defined].

Validation Procedures

Examine: [SELECT FROM: Contingency planning policy; procedures addressing system backup; contingency plan; backup storage location(s); system backup logs or records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system backup responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for conducting system backups; mechanisms supporting and/or implementing system backups].

The controls below (if any) were marked by NIST as being related to CCI-000539.