CP-9(1): Testing for Reliability and Integrity

Control Family:

Contingency Planning

Parent Control:

CP-9: System Backup

CSF v1.1 References:

CSF v2.0 References:

Threats Addressed:


  • Moderate
  • High

Previous Version:

Control Statement

Test backup information [Assignment: organization-defined frequency] to verify media reliability and information integrity.

Supplemental Guidance

Organizations need assurance that backup information can be reliably retrieved. Reliability pertains to the systems and system components where the backup information is stored, the operations used to retrieve the information, and the integrity of the information being retrieved. Independent and specialized tests can be used for each of the aspects of reliability. For example, decrypting and transporting (or transmitting) a random sample of backup files from the alternate storage or backup site and comparing the information to the same information at the primary processing site can provide such assurance.