{"id":1177,"date":"2024-07-17T16:42:44","date_gmt":"2024-07-17T16:42:44","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1177"},"modified":"2024-09-06T21:09:40","modified_gmt":"2024-09-06T21:09:40","slug":"cp-9-system-backup","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/contingency-planning-cp\/cp-9-system-backup\/","title":{"rendered":"CP-9: System Backup"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">CP-9: System Backup<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: &nbsp;<\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By: &nbsp;<\/strong>07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: &nbsp;<\/strong>07\/10\/2024&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>Tarleton State University (Tarleton) conducts backups of system-level information and critical user-level information for High Impact information resources contained in the information system and protects backup information at the alternate storage and processing sites, as follows:&nbsp;\n<ul class=\"wp-block-list\">\n<li>Data stored or processed on&nbsp;information resources shall be backed up on a scheduled basis periodically.&nbsp;\n<ul class=\"wp-block-list\">\n<li>Backups for&nbsp;data&nbsp;stored on&nbsp;information resources shall be stored&nbsp;off-site&nbsp;in a secure, environmentally safe facility accessible only to authorized Tarleton&nbsp;representatives.&nbsp;<\/li>\n\n\n\n<li>Backups for&nbsp;data&nbsp;stored on&nbsp;information resources shall contain at least one immutable copy which may not be deleted unless the retention period has expired.&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The frequency and 
extent of backups shall be determined by the potential impact of&nbsp;data&nbsp;loss or corruption and risk management decisions by the information resource owner.&nbsp;<\/li>\n\n\n\n<li>Physical access controls implemented at&nbsp;off-site&nbsp;backup storage locations shall meet or exceed the physical access controls of the original site. In addition, backup information resources must be protected in accordance with the most restrictive classification of&nbsp;data&nbsp;that is being transmitted or stored. (For example, if data classified as&nbsp;confidential&nbsp;is combined with data classified at a lower level, then the protection for all the backed-up files must be at the confidential level.)&nbsp;<\/li>\n\n\n\n<li>Where the original&nbsp;data&nbsp;source is required to be encrypted, the backup shall also be similarly encrypted.&nbsp;<\/li>\n\n\n\n<li>Processes must be in place to maintain the confidentiality, integrity, and availability of information resource backups.&nbsp;<\/li>\n\n\n\n<li>The backup process should ensure that the entire volume(s) or system of&nbsp;data&nbsp;stored from the originating information resource(s) is recoverable (i.e., ensure that an entire volume or system can be restored and not just one file). 
Backup and recovery procedures shall be tested at least annually to ensure that they are viable.&nbsp;<\/li>\n\n\n\n<li>All electronically backed up information resources shall be sufficiently identified and inventoried to enable staff to retrieve and protect&nbsp;data&nbsp;as needed.&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\">References\/Additional Resources<\/h3>\n\n\n\n<p><a href=\"https:\/\/doi.org\/10.6028\/NIST.FIPS.140-3\" target=\"_blank\" rel=\"noreferrer noopener\">FIPS 140-3<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/doi.org\/10.6028\/NIST.FIPS.186-4\" target=\"_blank\" rel=\"noreferrer noopener\">FIPS 186-4<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/doi.org\/10.6028\/NIST.SP.800-34r1\" target=\"_blank\" rel=\"noreferrer noopener\">SP 800-34<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/doi.org\/10.6028\/NIST.SP.800-130\" target=\"_blank\" rel=\"noreferrer noopener\">SP 800-130<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/doi.org\/10.6028\/NIST.SP.800-152\" target=\"_blank\" rel=\"noreferrer noopener\">SP 800-152<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CP-9: System Backup NIST Baseline: &nbsp;Low&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: &nbsp;07\/10\/2024&nbsp; References\/Additional Resources FIPS 140-3&nbsp; FIPS 186-4&nbsp; SP 800-34&nbsp; SP 800-130&nbsp; SP 
800-152&nbsp;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":1394,"menu_order":9,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1177","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on July 17, 2024","modified":"Updated on September 6, 2024"},"absolute_dates_time":{"created":"Posted on July 17, 2024 4:42 pm","modified":"Updated on September 6, 2024 9:09 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1177","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1177"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1177\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1394"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-co
ntrols-catalog\/wp-json\/wp\/v2\/media?parent=1177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}