NIST 800-53 REV 5 • CONTINGENCY PLANNING
CP-9(8) — Cryptographic Protection
Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of [Assignment: organization-defined backup information].
Supplemental Guidance
The selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of backup information. The strength of mechanisms selected is commensurate with the security category or classification of the information. Cryptographic protection applies to system backup information in storage at both primary and alternate locations. Organizations that implement cryptographic mechanisms to protect information at rest also consider cryptographic key management solutions.
Practitioner Notes
This enhancement requires backups to be cryptographically protected — encrypted both at rest and in transit to prevent unauthorized access to backup data.
Example 1: Enable AES-256 encryption on all Veeam backup jobs so that backup files are encrypted at rest and cannot be read without the encryption key.
Example 2: Configure Azure Backup to use customer-managed keys in Azure Key Vault for encrypting backup data, giving you full control over the encryption keys.