MP.L2-3.8.9—Protect Backups
Level 2
800-171: 3.8.9
>Control Description
Protect the confidentiality of backup CUI at storage locations.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies and procedures govern implementation of Protect Backups?
- •Who is responsible for overseeing compliance with this requirement?
- •How do you communicate requirements to relevant personnel?
- •How often do you review and update policies related to this control?
- •What governance process ensures consistent implementation across the organization?
Technical Implementation:
- •What technologies and tools implement Protect Backups?
- •How do you technically enforce this requirement?
- •What automated mechanisms support this control?
- •What logging or monitoring provides visibility into implementation?
- •How do you verify technical implementation is functioning correctly?
Evidence & Documentation:
- •What media protection policies and procedures can you provide?
- •What media inventory and tracking records can you show?
- •What sanitization certificates demonstrate proper media disposal?
- •What transport documentation shows media accountability during transport?
- •What evidence shows media is properly marked with CUI indicators?
- •What encryption verification shows portable media is encrypted?
- •What access logs show restricted access to media?
Ask AI
Configure your API key to use AI features.