NIST CSF: PR.IP-4 Subcategory
From NIST's Cyber Security Framework (version 1):
Backups of information are conducted, maintained, and tested
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Protection of records (18.1.3)
ISO 27001:2013 -
Information backup (12.3.1)
ISO 27001:2013 -
Verify, review, and evaluate information security continuity (17.1.3)
ISO 27001:2013 -
Implementing information security continuity (17.1.2)
ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Control system backup (SR 7.3)
ISA/IEC 62443-3-3:2013 -
Control system recovery and reconstitution (SR 7.4)
ISA/IEC 62443-3-3:2013 -
Establish backup and restoration procedure (4.3.4.3.9)
ISA/IEC 62443-2-1:2009
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1565.001 | Stored Data Manipulation | Impact |
| T1070.008 | Clear Mailbox Data | Defense Evasion |
| T1070.001 | Clear Windows Event Logs | Defense Evasion |
| T1565 | Data Manipulation | Impact |
| T1070.002 | Clear Linux or Mac System Logs | Defense Evasion |
| T1119 | Automated Collection | Collection |
| T1486 | Data Encrypted for Impact | Impact |
| T1070 | Indicator Removal | Defense Evasion |
| T1561 | Disk Wipe | Impact |
| T1491 | Defacement | Impact |
| T1561.002 | Disk Structure Wipe | Impact |
| T1491.001 | Internal Defacement | Impact |
| T1005 | Data from Local System | Collection |
| T1003 | OS Credential Dumping | Credential Access |
| T1490 | Inhibit System Recovery | Impact |
| T1565.003 | Runtime Data Manipulation | Impact |
| T1561.001 | Disk Content Wipe | Impact |
| T1491.002 | External Defacement | Impact |
| T1003.003 | NTDS | Credential Access |
| T1025 | Data from Removable Media | Collection |
| T1485 | Data Destruction | Impact |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| B3.c | Stored Data | You have protected stored data important to the operation of the essential function. |
| B5.c | Backups | You hold accessible and secured current backups of data and information needed to recover operation of your essential function. |
| B5.a | Resilience Preparation | You are prepared to restore the operation of your essential function following adverse impact. |
| D1.c | Testing and Exercising | Your organisation carries out exercises to test response plans, using past incidents that affected your (and other) organisation, and scenarios that draw on threat intelligence and your risk assessment. |