About this program
When did you last actually restore a backup? Audit your backup cadence, immutability, off-site copies and recovery time.
Risks addressed
- Critical: Ransomware encrypts production AND backups
- Critical: Restore process untested; fails when needed
- High: Backups stolen and leaked (unencrypted at rest)
- High: No off-site copy if primary site destroyed
Controls (7)
- Backup policy with RPO/RTO defined (High)
  How to test + evidence
  Testing procedure: Review documented RPO/RTO per system tier.
  Evidence to collect: Backup policy document.
- Tier-1 systems backed up daily (Critical)
  How to test + evidence
  Testing procedure: Confirm daily successful backup for the last 30 days for Tier-1 systems.
  Evidence to collect: Backup job report.
- Backups stored off-site / off-account (Critical)
  How to test + evidence
  Testing procedure: At least one backup copy is logically + physically separated from prod (different account/region).
  Evidence to collect: Off-site backup config.
- Backups immutable / WORM (High)
  How to test + evidence
  Testing procedure: Tier-1 backups protected against deletion / overwrite for the retention period.
  Evidence to collect: Immutability policy + ransomware test.
- Restore tested at least quarterly (Critical)
  How to test + evidence
  Testing procedure: Show the most recent successful restore test — full data integrity check.
  Evidence to collect: Restore test report.
- Encryption at rest for backups (High)
  How to test + evidence
  Testing procedure: Backup repository encrypted; keys not co-located with backup data.
  Evidence to collect: Encryption config.
- Backup access restricted to dedicated role (High)
  How to test + evidence
  Testing procedure: Production admins cannot delete backups; backup admins use separate accounts.
  Evidence to collect: RBAC export.
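As an added example (not part of this audit program), the following Python script automates four of the testing procedures above against a backup job report and off-site copy config: daily Tier-1 success for the last 30 days, off-site/off-account separation, immutability lock covering the retention period, and a restore test within the last quarter. The record shape, system names, account and region values and dates are all constructed for illustration, not any vendor's export format.

```python
from datetime import date, timedelta

# Constructed sample evidence (hypothetical shape, not a real backup product's export).
TODAY = date(2024, 6, 30)
TIER1 = ["erp-db", "crm-db"]
PROD = ("acct-prod", "eu-west-1")  # (account, region) that production runs in

# Constructed off-site copy config: crm-db's copy still lives in the prod account
# and its object lock (14 days) is shorter than the 30-day retention period.
COPIES = [
    {"system": "erp-db", "account": "acct-backup", "region": "eu-central-1", "lock_days": 35},
    {"system": "crm-db", "account": "acct-prod", "region": "eu-central-1", "lock_days": 14},
]

def make_jobs():
    """Build 30 days of constructed backup job records; crm-db fails on one day."""
    jobs = []
    for back in range(30):
        day = TODAY - timedelta(days=back)
        for system in TIER1:
            status = "failed" if (system == "crm-db" and back == 12) else "success"
            jobs.append({"system": system, "date": day, "status": status})
    return jobs

def missing_daily_backups(jobs, systems, today=TODAY, days=30):
    """Control 'Tier-1 backed up daily': {system: [days in the window with no success]}."""
    window = [today - timedelta(days=d) for d in range(days)]
    ok = {(j["system"], j["date"]) for j in jobs if j["status"] == "success"}
    gaps = {s: [d for d in window if (s, d) not in ok] for s in systems}
    return {s: g for s, g in gaps.items() if g}

def without_offsite_copy(copies, systems, prod=PROD):
    """Control 'off-site / off-account': a copy counts only if account AND region differ from prod."""
    offsite = {c["system"] for c in copies
               if c["account"] != prod[0] and c["region"] != prod[1]}
    return [s for s in systems if s not in offsite]

def immutability_gap(copies, retention_days):
    """Control 'immutable / WORM': systems whose deletion lock is shorter than retention."""
    return [c["system"] for c in copies if c.get("lock_days", 0) < retention_days]

def restore_test_overdue(last_restore, today=TODAY, max_days=90):
    """Control 'restore tested quarterly': True if no success, or the last one is older than a quarter."""
    return last_restore is None or (today - last_restore).days > max_days

if __name__ == "__main__":
    print("daily gaps:", missing_daily_backups(make_jobs(), TIER1))
    print("no off-site copy:", without_offsite_copy(COPIES, TIER1))
    print("lock < retention:", immutability_gap(COPIES, retention_days=30))
    print("restore overdue:", restore_test_overdue(date(2024, 2, 15)))
```

Each function returns the finding rather than just printing it, so the same checks can feed a ticket or evidence record for the control it maps to.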