PR.DS-11: Backups of data are created, protected, maintained, and tested

This subcategory is new to this version of the framework and incorporates the following item from the previous version: PR.IP-4: Backups of information are conducted, maintained, and tested.


[Note: Subcategories do not have detailed descriptions. However, NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Continuously back up critical data in near-real-time, and back up other data frequently at agreed-upon schedules

Ex2: Test backups and restores for all types of data sources at least annually

Ex3: Securely store some backups offline and offsite so that an incident or disaster will not damage them

Ex4: Enforce geographic separation and geolocation restrictions for data backup storage