NIST 800-53 REV 5 • CONTINGENCY PLANNING

CP-9(1) Testing for Reliability and Integrity

Test backup information [Assignment: organization-defined frequency] to verify media reliability and information integrity.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Organizations need assurance that backup information can be reliably retrieved. Reliability pertains to the systems and system components where the backup information is stored, the operations used to retrieve the information, and the integrity of the information being retrieved. Independent and specialized tests can be used for each of the aspects of reliability. For example, decrypting and transporting (or transmitting) a random sample of backup files from the alternate storage or backup site and comparing the information to the same information at the primary processing site can provide such assurance.

Practitioner Notes

This enhancement requires you to test your backups to verify they can be successfully restored — a backup you have never tested is a backup you cannot trust.

Example 1: Use Veeam SureBackup to automatically boot backed-up VMs in an isolated environment nightly and run application health checks to verify backup integrity.

Example 2: Conduct quarterly test restores where you pick a random server backup and restore it to a test environment, verifying the data is complete and applications function.
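The sample-and-compare check from the Supplemental Guidance can be scripted. The sketch below is an added example, not part of the NIST text or any vendor tool: it draws a random sample of files from the primary site and compares SHA-256 digests against a restored (already decrypted) copy. The function names, directory layout and sample data are assumptions made for illustration.

```python
import hashlib
import random
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backup files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_sample(primary_root, restored_root, sample_size, seed=None):
    """Compare a random sample of primary files with their restored copies."""
    primary_root, restored_root = Path(primary_root), Path(restored_root)
    files = sorted(p.relative_to(primary_root)
                   for p in primary_root.rglob("*") if p.is_file())
    rng = random.Random(seed)  # record the seed so the same draw can be repeated
    sample = rng.sample(files, min(sample_size, len(files)))
    result = {"ok": [], "missing": [], "mismatch": []}
    for rel in sample:
        restored = restored_root / rel
        if not restored.is_file():
            result["missing"].append(rel.as_posix())
        elif sha256_file(primary_root / rel) != sha256_file(restored):
            result["mismatch"].append(rel.as_posix())
        else:
            result["ok"].append(rel.as_posix())
    return result

def demo():
    """Constructed data: three files, one corrupted and one absent in the restore."""
    with tempfile.TemporaryDirectory() as tmp:
        primary, restored = Path(tmp, "primary"), Path(tmp, "restored")
        for root in (primary, restored):
            (root / "db").mkdir(parents=True)
        sample_files = {"db/a.dat": b"alpha", "db/b.dat": b"bravo", "c.cfg": b"charlie"}
        for name, data in sample_files.items():
            (primary / name).write_bytes(data)
        (restored / "db/a.dat").write_bytes(b"alpha")
        (restored / "db/b.dat").write_bytes(b"bravX")  # simulated media corruption
        # c.cfg is deliberately left out of the restore
        return verify_sample(primary, restored, sample_size=3, seed=1)

if __name__ == "__main__":
    print(demo())
```

Files that changed on the primary after the backup was taken will also show up as mismatches, so compare against a point-in-time snapshot or restrict the sample to files unmodified since the backup timestamp.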