Data Recovery
Establish and maintain data recovery practices sufficient to restore in-scope enterprise assets to a pre-incident and trusted state.
Why Is This Control Critical?
In the cybersecurity triad -- Confidentiality, Integrity, and Availability (CIA) -- the availability of data is, in some cases, more critical than its confidentiality. Enterprises need many types of data to make business decisions, and when that data is not available or is untrusted, then it could affect the enterprise. An easy example is weather information to a transportation enterprise. When attackers compromise enterprise assets, they make changes to configurations, add accounts, and often add software or scripts. These changes are not always easy to identify, as attackers might corrupt or wipe backup data and logs. This can make restoring to a known, trusted state difficult.
Related Policy Templates
Safeguards (5)
| ID | Title | Asset Type | Function | Implementation Groups |
|---|---|---|---|---|
| 11.1 | Establish and Maintain a Data Recovery Process | Data | Recover |
IG1
IG2
IG3
|
| 11.2 | Perform Automated Backups | Data | Recover |
IG1
IG2
IG3
|
| 11.3 | Protect Recovery Data | Data | Protect |
IG1
IG2
IG3
|
| 11.4 | Establish and Maintain an Isolated Instance of Recovery Data | Data | Recover |
IG1
IG2
IG3
|
| 11.5 | Test Data Recovery | Data | Recover |
IG2
IG3
|