10.2: Perform Complete System Backups
Sub-control 10.2 states that you must ensure that all of the organization’s key systems are backed up as a complete system, through processes such as imaging, to enable the quick recovery of an entire system.
| Asset Type | Security Function | Implementation Groups |
|---|---|---|
| Data | Protect | 1, 2, 3 |
Dependencies
- Sub-control 1.4: Maintain Detailed Asset Inventory
- Sub-control 1.5: Maintain Asset Inventory Information
-
Sub-control 5.1: Establish Secure Configurations
Inputs
-
Key Systems: The list of “key systems” identified by the organization, as derived from the endpoint inventory (sub-control 1.4).
-
Backup configuration policy: The organization’s backup/imaging configuration policy.
Assumptions
- Backup software (either OS or 3d party) is installed and appropriately configured on the “key systems” identified in I1.
Operations
-
For each endpoint in the list of “key systems”, examine its backup configuration against the available backup configuration policy. Note which endpoints are configured appropriately and inappropriately.
Measures
| Measure | Definition |
|---|---|
| M1 = List of "key system" endpoints |
A list of "key system" endpoints. |
|
M2 = Count of items in M1 |
A count of the total number of items in M1. |
| M3 = List of appropriately configured “key systems” | A list of “key systems” that are configured correctly. |
| M4 = Count of items in M3 | A count of the total number of items in M3. |
| M5 = List of inappropriately configured “key systems” | A list of “key systems” that are configured incorrectly. |
| M6 = Count of items in M5 | A count of the total number of items in M5. |
Metrics
Coverage
| Metric | Calculation |
|---|---|
| The percentage of key systems that are successfully backed up as a complete system. | M4 / M2 |