Control statement
a. Conduct backups of user-level information contained in {{ insert: param, cp-09_odp.01 }} {{ insert: param, cp-09_odp.02 }};
b. Conduct backups of system-level information contained in the system {{ insert: param, cp-09_odp.03 }};
c. Conduct backups of system documentation, including security- and privacy-related documentation {{ insert: param, cp-09_odp.04 }} ; and
d. Protect the confidentiality, integrity, and availability of backup information.
Requirement: The service provider shall determine what elements of the cloud environment require the Information System Backup control. The service provider shall determine how Information System Backup is going to be verified and appropriate periodicity of the check.
(a) Requirement: The service provider maintains at least three backup copies of user-level information (at least one of which is available online) or provides an equivalent alternative.
(b) Requirement: The service provider maintains at least three backup copies of system-level information (at least one of which is available online) or provides an equivalent alternative.
(c) Requirement: The service provider maintains at least three backup copies of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative. Parameter placeholders {{ insert: param, … }} reference FedRAMP-set values in the resolved profile. Full parameter map is
preserved in the catalog database.
Covered by these Key Security Indicators
| KSI | Title | Category |
|---|---|---|
| KSI-RPL-03 | System Backups _Persistently_ review the alignment of machine-based information resource backups with defined recovery objectives. | Recovery Planning |