Threat

If backup and restoration assets do not have appropriate physical and technical protections in place, there is a risk of mission essential information being accidentally or deliberately modified or destroyed. A protection strategy for all backup and restoration hardware, firmware, and software, such as router tables, compilers, and other security-related system software mitigates the modification or destruction of information.

Implementation Guidance

1. An inventory of all backup and restoration assets shall be documented in an organization or site backup plan. 2. Physical security controls, such as building/room access controls and fire rated safes shall be employed to protect backup and restoration assets. 3. Technical security controls, such as cryptographic key management and least-privilege access controls shall be implemented to protect backup and restoration assets.

Resources

- NIST SP 800-34, Contingency Planning Guide for Information Technology Systems, June 2002 - DoDD 3020.36, Assignment of National Security Emergency Preparedness Responsibilities to DoD Components, 02 November 1988 - DoD 8910.1-M, DoD Procedures for Management of Information Requirements, 30 June 1998 - CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 25 March 2003

Framework

DoD Instruction 8500.2

Subject Area

Continuity

Impact Code

High

MAC Levels

MAC 1, MAC 2, MAC 3