10.1: Ensure Regular Automated Backups
Sub-control 10.1 states that you must ensure that all system data is automatically backed up on a regular basis.
| Asset Type | Security Function | Implementation Groups |
|---|---|---|
| Data | Protect | 1, 2, 3 |
Dependencies
- Sub-control 1.4: Maintain Detailed Asset Inventory
- Sub-control 1.5: Maintain Asset Inventory Information
-
Sub-control 5.1: Establish Secure Configurations
Inputs
-
Endpoint Inventory: Inventory of all endpoints.
-
Backup configuration policy: Show the backup configuration policy is available.
-
Backup software: Show the backup software (either OS or 3d party) configuration is available and able to be queried.
-
Backup logs: Show the backup software logs are available and can be queried
-
Backup staleness threshold: A successful backup staleness threshold is defined. This indicates the maximum time period allowed between backups. The CIS recommends this occur at least weekly.
Operations
-
For each endpoint, examine its backup configuration with the available configuration policy. Note appropriately configured and inappropriately configured endpoints. Then, examine its logs to determine the most recent successful backup completion time. Note whether it was run within the enterprise-defined staleness threshold.
-
Enumerate the endpoints that are both appropriately configured and that do not have stale backups.
- Compare an endpoint's backup configuration with available configuration policy.
-
Interrogate logs to determine most recent successful backup completion time.
Measures
| Measure | Definition |
|---|---|
| M1 = List of endpoints |
A list of all endpoints. |
|
M2 = Count of items in M1 |
A count of the total number of items in M1. |
| M3 = List of appropriately configured endpoints | A list of endpoints that are configured correctly. |
| M4 = Count of items in M3 | A count of the total number of items in M3. |
| M5 = List of inappropriately configured endpoints | A list of endpoints that are configured incorrectly. |
| M6 = Count of items in M5 | A count of the total number of items in M5. |
| M7= List of endpoints both appropriately configured and without stale backups | A list of all endpoints that are both configured correctly and also do not have any stale backups. |
| M8 = Count of items in M7 | A count of the total number of items in M7. |
| M9 = List of endpoints either inappropriately configured or without stale backups | A list of endpoints that are configured incorrectly or that do not have any stale backups. |
| M10 = Count of items in M9 | A count of the total number of items in M9. |
Metrics
Coverage
| Metric | Calculation |
|---|---|
| The percentage of endpoints that are successfully backing up system data on a regular basis. | M8 / M2 |