:

10.5: Ensure All Backups Have at Least One Offline Backup Destination

Sub-control 10.5 states that you must ensure that all backups have at least one offline (i.e., not accessible via a network connection) backup destination.

Asset Type	Security Function	Implementation Groups
Data	Protect	1, 2, 3

Dependencies

Sub-control 1.4: Maintain Detailed Asset Inventory
Sub-control 1.5: Maintain Asset Inventory Information
Sub-control 5.1: Establish Secure Configurations

Inputs

Endpoint Inventory: A list of endpoints.
Backup configuration policy: The backup configuration policy, assuming the inclusion of “offline” backup destinations.

Operations

Collect a list of endpoints that do/do not matchthe policy specified in I2.

Measures

Measure	Definition
M1 = List of endpoints	A list of endpoints.
M2 = Count of items in M1	A count of the total number of items in M1.
M3 = List of endpoints matching policy	A list of endpoints that match the policy.
M4 = Count of items in M3	A count of the total number of items in M3.
M5 = List of endpoints not matching policy	A list of endpoints that do not match the policy.
M6 = Count of items in M5	A count of the total number of items in M5.

Metrics

Coverage

Metric	Calculation
The ratio of endpoints matching the backup configuration policy compared to the total number of endpoints.	M4 / M2

Lack of Coverage

Metric	Calculation
The ratio of endpoints not matching the backup configuration policy compared to the total number of endpoints.	M5 / M2

Copyright © 2023 Tenable, Inc. All rights reserved. Tenable, Tenable Nessus, Tenable Lumin, Assure, and the Tenable logo are registered trademarks of Tenable, Inc. or its affiliates. All other products or services are trademarks of their respective owners.