Reference: CMMC 2.11
Family: MP
Level Introduced: 2
Title: Protect Backups
Practice:
Protect the confidentiality of backup CUI at storage locations.
CMMC Clarification:
You protect the confidentiality of information to ensure that it remains private and unchanged. Methods to ensure confidentiality may include:
• encrypting files;
• managing who has access to the information;
• physically securing devices and media that contains CUI; and
• managing the use of information.
Storage locations for information are varied, and may include:
• external hard drives;
• USB flash drives;
• disc media (e.g., CD, DVD, Blu-Ray);
• Networked Attached Storage (NAS);
• cloud backup; and
• FTP, FTP Secure, SFTP.
Example
You are in charge of protecting CUI for the company. You need to protect the confidentiality of backup data. You encrypt all your CUI data as it is saved on an external hard drive. Only people who are on the contract can access the hard drive. You secure the external hard drive in a physical location accessible only to people with permission.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.