11.2: Perform Automated Backups

Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data.

Asset Type	Security Function	Implementation Groups
Data	Recover	1, 2, 3

Dependencies

For each asset in GV1 identify and enumerate assets that are in-scope for automated backups: GV33 (M1)
Use GV5 to identify authorized backup software and for each asset identified in Operation 1
1. Identify and enumerate assets covered by at least one authorized backup software: GV34 (M2)
2. Identify and enumerate assets not covered by at least one authorized backup software (M3)
Use GV3 to check if the software on assets identifed in Operation 2.1 is configured correctly
1. Identify and enumerate assets with properly configured backup software (M4)
2. Identify and enumerate assets with improperly configured backup software (M5)
For each asset with backup software identified in Operation 2.1, examine logs to determine the most recent successful backup date. Compare that date to current date and capture timeframe in days.
1. Identify and enumerate assets that have been backeup within seven days or less (M6)
2. Identify and enumerate assets that have been backedup outside of a sevend day window (M7)

Metric	The percentage of in-scoope assets with properly configured authorized backup software
Calculation	`M4 / M1`

Metric	The percentage of in-scope assets backed up within a week timeframe
Calculation	`M6 / M1`