Conduct backups of user-level information contained in system components frequency; Conduct backups of system-level information contained in the system frequency; Conduct backups of system documentation, including security- and privacy-related documentation frequency ; and Protect the confidentiality, integrity, and availability of backup information.
System-level information includes system state information, operating system software, middleware, application software, and licenses. User-level information includes information other than system-level information. Mechanisms employed to protect the integrity of system backups include digital signatures and cryptographic hashes. Protection of system backup information while in transit is addressed by MP-5 and SC-8 . System backups reflect the requirements in contingency plans as well as other organizational requirements for backing up information. Organizations may be subject to laws, executive orders, directives, regulations, or policies with requirements regarding specific categories of information (e.g., personal health information). Organizational personnel consult with the senior agency official for privacy and legal counsel regarding such requirements.
backups of user-level information contained in system components are conducted frequency; backups of system-level information contained in the system are conducted frequency; backups of system documentation, including security- and privacy-related documentation are conducted frequency; the confidentiality of backup information is protected; the integrity of backup information is protected; the availability of backup information is protected.