
World Backup Day and NIST SP 800-171

Backups and Archiving

World Backup Day is March 31st – a whole day to help remind us to ensure our valuable information is properly protected and available should the need arise. Obviously, valid backup and recovery is a foundational component of incident response and information security. An incident could be a system malfunction, user error or adversarial maliciousness.

In the context of information security, our charge is to protect the confidentiality, integrity and availability (CIA) of important data. Backups and archiving play a part in each – availability of a system can rely on the existence of recovery options. Certainly, the backups themselves must also be protected from unauthorized access and modification.

NIST SP 800-171

In protecting controlled unclassified information (CUI), ensuring timely and valid backups is an important part of the process. Interestingly, NIST SP 800-171 doesn’t directly specify that a backup strategy be defined and implemented. However, the protection of CUI backups is mentioned in the media protection control family. This brings up an important consideration: the guidelines used for the protection of CUI are not absolute or all-encompassing; we still need to holistically secure the systems and data that we use and ensure our security plans fully address organizational needs. As an old security adage puts it: Compliant doesn’t mean Secure.

An appropriate backup strategy is an important part of protecting all important business information and systems. Protecting the backup information should include locating the backups away from the systems in use. If an event is significant enough to somehow damage the operational systems, we wouldn’t want that same incident to render the backups unusable as well. A rainstorm might flood a data center, or a ransomware attack might encrypt all active data and connected system data.

NIST Compliant Services

At Assured Bridge, we help meet NIST SP 800-171 compliance objectives by regularly backing up your stored CUI. These backups are both encrypted to protect confidentiality and integrity, and stored separately to ensure availability. We also execute rehearsal restorations to validate that the backups can be effectively restored should the need arise.

For World Backup Day, closely review your inventory of sensitive and valuable information and enable backups to somewhere safe. Watch our Twitter feed for more hints and tips.

Certified Information System Security Professional Daniel Bjorklund is the information assurance and cybersecurity subject matter expert for Assured Bridge LLC, a company specializing in cybersecurity compliance solutions. With over 20 years’ experience in U.S. military intelligence and security operations, plus significant involvement in government, commercial and private sector cybersecurity initiatives, Dan has comprehensive knowledge of today’s rapidly-evolving cyber-dependent world. A recently-licensed pilot and amateur radio operator, Dan lives with his wife in South Carolina.
Dan can be found on LinkedIn (https://www.linkedin.com/in/dbjorklundcissp/) and Twitter (https://twitter.com/IASE_at_large).