3.8.9

Requirement

a. Protect the confidentiality of backup information.
b. Implement cryptographic mechanisms to prevent the unauthorized disclosure of CUI at backup storage locations.

Discussion

The selection of cryptographic mechanisms is based on the need to protect the confidentiality of backup information. Hardware security module (HSM) devices safeguard and manage cryptographic keys and provide cryptographic processing. Cryptographic operations (e.g., encryption, decryption, and signature generation and verification) are typically hosted on the HSM device, and many implementations provide hardware-accelerated mechanisms for cryptographic operations. This requirement is related to 03.13.11.

NIST 800-171A r3 Assessment Guidance

Examine

[SELECT FROM: contingency planning policy and procedures; procedures for system backup; contingency plan; system design documentation; system configuration settings; system security plan; other relevant documents or records]
Interview

[SELECT FROM: mechanisms for supporting or implementing the cryptographic protection of backup information]
Test

[SELECT FROM: personnel with system backup responsibilities; personnel with information security responsibilities]

ID	Assessment Objectives
A.03.08.09.a	the confidentiality of backup information is protected.
A.03.08.09.b	cryptographic mechanisms are implemented to prevent the unauthorized disclosure of CUI at backup storage locations.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!