Description:
Organizations can employ cryptographic mechanisms or alternative physical controls to protect the confidentiality of backup information at designated storage locations. Backed-up information containing CUI may include system-level information and user-level information. System-level information includes system-state information, operating system software, application software, and licenses. User-level information includes information other than system-level information.
Priority: High
Category: Business Continuity
Services Associated with AWS:
- AWS Backup, AWS S3 (Amazon Simple Storage Service), AWS KMS (Key Management Service)
Objective Evidence:
- Administrative: documented policies, standards & procedures
- Administrative: supporting documentation to demonstrate how backups are performed
- Technical: screenshot of backup configurations (cryptography in use)
Possible Technology Considerations:
- Backup Solution
- Business Continuity / Disaster Recovery (BC/DR)
What needs to be answered:
Are data backups encrypted on media before removal from the company’s secured facility? Is the confidentiality and integrity of backup information protected at the storage location?
- Confidentiality Protection for Backup CUI at Storage Locations
Description: This check ensures that organizations have implemented measures to protect the confidentiality of backup Controlled Unclassified Information (CUI) at designated storage locations. Backup information may include system-level and user-level data, and safeguarding its confidentiality is essential to prevent unauthorized access or disclosure.
More Details:
Backup CUI stored in secure systems with controlled access.