Navigate

CCI-000539

CCI-000539 Definition

Conduct backups of system documentation, including security-related documentation, per an organization-defined frequency that is consistent with recovery time and recovery point objectives.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed conducts backups of information system documentation including security-related documentation when created or received, when updated, and as required by system baseline configuration changes in accordance with the contingency plan.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the latest version of the information system documentation including security-related documentation to verify it is the same version as contained in backups.

Compelling Evidence

1.) Signed and dated contingency plan, referencing frequency of backup sections 2.) Sample or audit of backup

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000539.

Control	Description
CP-9	The organization: a: Conducts backups of user-level information contained in the information system [one of ]; b: Conducts backups of system-level information contained in the information system [one of ]; c: Conducts backups of information system documentation including security-related documentation [one of ]; and d: Protects the confidentiality, integrity, and availability of backup information at storage locations.

Control

Description

CP-9

The organization:

a: Conducts backups of user-level information contained in the information system [one of ];

b: Conducts backups of system-level information contained in the information system [one of ];

c: Conducts backups of information system documentation including security-related documentation [one of ]; and

d: Protects the confidentiality, integrity, and availability of backup information at storage locations.