10: Data Recovery Capabilities
Threats Addressed:
Control Statement
The processes and tools used to properly back up critical information with a proven methodology for timely recovery of it.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]
Subcontrols
10.1: Ensure Regular Automated BackUps
Ensure that all system data is automatically backed up on a regular basis.
10.2: Perform Complete System Backups
Ensure that all of the organization's key systems are backed up as a complete system, through processes such as imaging, to enable the quick recovery of an entire system.
10.3: Test Data on Backup Media
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]
10.4: Protect Backups
Ensure that backups are properly protected via physical security or encryption when they are stored, as well as when they are moved across the network. This includes remote backups and cloud services.
10.5: Ensure All Backups Have at Least One Offline Backup Destination
Ensure that all backups have at least one offline (i.e., not accessible via a network connection) backup destination.