CP-09 System Backup

a. Conduct backups of user-level information contained in cp-09_odp.01 cp-09_odp.02;

b. Conduct backups of system-level information contained in the system cp-09_odp.03;

c. Conduct backups of system documentation, including security- and privacy-related documentation cp-09_odp.04 ; and

d. Protect the confidentiality, integrity, and availability of backup information.

Parameter ID Definition
cp-09_odp.01 system components
cp-09_odp.02 frequency
cp-09_odp.03 frequency
cp-09_odp.04 frequency



System-level information includes system state information, operating system software, middleware, application software, and licenses. User-level information includes information other than system-level information. Mechanisms employed to protect the integrity of system backups include digital signatures and cryptographic hashes. Protection of system backup information while in transit is addressed by MP-5 and SC-8 . System backups reflect the requirements in contingency plans as well as other organizational requirements for backing up information. Organizations may be subject to laws, executive orders, directives, regulations, or policies with requirements regarding specific categories of information (e.g., personal health information). Organizational personnel consult with the senior agency official for privacy and legal counsel regarding such requirements.

References 5

Control Enhancements 8

Related controls 10