CP-9: System Backup

From NIST's SP800-53:

a. Conduct backups of user-level information contained in [Assignment: organization-defined system components] [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; b. Conduct backups of system-level information contained in the system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; c. Conduct backups of system documentation, including security- and privacy-related documentation [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; and
d. Protect the confidentiality, integrity, and availability of backup information.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Control ID	Description
PR.IP-4	Backups of information are conducted, maintained, and tested

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

ATT&CK ID	Title	Associated Tactics
T1561	Disk Wipe	Impact
T1491	Defacement	Impact
T1561.002	Disk Structure Wipe	Impact
T1565.001	Stored Data Manipulation	Impact
T1491.001	Internal Defacement	Impact
T1486	Data Encrypted for Impact	Impact
T1070.001	Clear Windows Event Logs	Defense Evasion
T1005	Data from Local System	Collection
T1070	Indicator Removal	Defense Evasion
T1003	OS Credential Dumping	Credential Access
T1070.008	Clear Mailbox Data	Defense Evasion
T1490	Inhibit System Recovery	Impact
T1565.003	Runtime Data Manipulation	Impact
T1565	Data Manipulation	Impact
T1119	Automated Collection	Collection
T1070.002	Clear Linux or Mac System Logs	Defense Evasion
T1561.001	Disk Content Wipe	Impact
T1491.002	External Defacement	Impact
T1003.003	NTDS	Credential Access
T1025	Data from Removable Media	Collection
T1485	Data Destruction	Impact