Rule: Backup Recovery Points Expiry
This rule ensures backup recovery points do not expire before the retention period.
| Rule | Backup recovery points should not expire before retention period |
| Framework | CISA-cyber-essentials |
| Severity | ✔ Low |
Backup Recovery Points should not expire before Retention Period for CISA Cyber Essentials
Description:
This rule ensures that backup recovery points are retained for a sufficient period of time and not expired prematurely. It is important to maintain the required retention period for backup recovery points to ensure availability of data in case of any data loss, system failure, or cyber-attacks.
Policy:
The policy mandates that backup recovery points should not be deleted or expired before the configured retention period. It is necessary to adhere to this policy to meet the compliance requirements of the CISA Cyber Essentials framework.
Troubleshooting:
If backup recovery points are expiring before the specified retention period, the following troubleshooting steps can be followed:
- 1.Check the backup software or solution in use to determine if there is a misconfiguration or scheduling issue.
- 2.Verify the backup retention settings in the backup software and compare them with the desired retention period.
- 3.Ensure that there are no automated scripts or processes deleting the recovery points prematurely.
- 4.Review any relevant logs or error messages from the backup software to identify potential issues or errors.
Remediation Steps:
To resolve the issue and ensure that backup recovery points are not expiring before the retention period, follow these steps:
- 1.Identify the backup software or solution being used.
- 2.Access the backup software management interface or use the appropriate command-line interface for the software.
- 3.Review the retention settings within the backup software to confirm the configured retention period.
- 4.Adjust the retention period if necessary to align with the desired retention period for compliance with CISA Cyber Essentials.
- 5.Save the changes, ensuring that they are applied to the backup job or schedule.
- 6.Monitor the backup software to ensure that backup recovery points are not expiring prematurely.
CLI Command (if applicable):
If the backup software provides a command-line interface (CLI) for configuration, the following steps can be performed:
- 1.Open the command prompt or terminal.
- 2.Navigate to the directory where the backup software CLI is installed (if applicable).
- 3.Execute the appropriate CLI command to review or modify the retention settings.
- 4.If modifying the retention period, specify the desired duration in accordance with the CISA Cyber Essentials requirements.
- 5.Save the changes and exit the CLI interface.
- 6.Monitor the backup software to ensure that the retention period is being enforced correctly.
Note: The specific CLI commands may vary depending on the backup software or solution in use. Refer to the documentation or support resources provided by the respective vendor for detailed instructions.
By ensuring that backup recovery points are retained for the required duration, organizations can enhance their data protection and meet the compliance requirements of CISA Cyber Essentials.