CP-9(8)

Requirement

Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of [Assignment: organization-defined backup information].

Discussion

The selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of backup information. The strength of mechanisms selected is commensurate with the security category or classification of the information. Cryptographic protection applies to system backup information in storage at both primary and alternate locations. Organizations that implement cryptographic mechanisms to protect information at rest also consider cryptographic key management solutions.

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: Contingency planning policy; procedures addressing system backup; contingency plan; system design documentation; system configuration settings and associated documentation; system security plan; other relevant documents or records].

Interview

[SELECT FROM: Organizational personnel with system backup responsibilities; organizational personnel with information security responsibilities].

Test

[SELECT FROM: Mechanisms supporting and/or implementing cryptographic protection of backup information].

ID	Assessment Objectives
CP-09(08)	cryptographic mechanisms are implemented to prevent unauthorized disclosure and modification of <CP-09(08)_ODP backup information>.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!