Rule: Backup Recovery Points Manual Deletion Should Be Disabled
This rule ensures that manual deletion of backup recovery points should be disabled for security compliance.
| Rule | Backup recovery points manual deletion should be disabled |
| Framework | NIST 800-171 Revision 2 |
| Severity | ✔ Medium |
Rule Description
The rule states that the manual deletion of backup recovery points should be disabled in order to comply with the NIST 800-171 Revision 2 security standard. This rule aims to maintain the integrity and availability of backup recovery points and prevent unauthorized or accidental deletion that could result in data loss or hinder the ability to recover from system failures or security incidents.
Troubleshooting Steps
If the manual deletion of backup recovery points is enabled, follow these troubleshooting steps to achieve compliance:
- 1.
Identify the backup solution in use: Determine the backup system or software being used in your environment, such as Veeam, Commvault, or native backups.
- 2.
Review documentation and user guides: Refer to the documentation and user guides provided by the backup solution vendor to understand the process for disabling manual deletion of backup recovery points.
- 3.
Access backup system configuration: Log in to the backup system's administration console or interface.
- 4.
Locate the backup repository or storage settings: Navigate to the configuration settings related to backup repository or storage.
- 5.
Disable manual deletion option: Look for an option or setting that allows manual deletion of backup recovery points and ensure it is disabled. This setting is typically found under retention policies or backup repository settings.
- 6.
Save and apply changes: Once the manual deletion option is disabled, save and apply the changes in the backup system.
- 7.
Test the configuration: Perform a test backup and verify that the manual deletion of backup recovery points is indeed disabled.
Code Example
In some cases, modifying the backup system's configuration may require executing certain commands or scripts. Each backup solution may have its own command syntax, but here is a generic example of how it could be implemented using PowerShell:
# Disable manual deletion of backup recovery points $backupSystem = Connect-BackupSystem -Credential $Credential $backupRepository = Get-BackupRepository -Name "BackupRepository01" Set-BackupRepository -Repository $backupRepository -ManualDeletion $false Disconnect-BackupSystem -Credential $Credential
Please note that the example above is a generic representation, and the actual commands may vary depending on the backup system or software in use.
Remediation Steps
To remediate and disable manual deletion of backup recovery points, follow these steps:
- 1.
Identify the backup solution: Determine the backup system or software in use.
- 2.
Access the backup system's administration console or interface: Log in to the backup system using appropriate credentials.
- 3.
Navigate to the backup repository or storage settings: Look for configuration settings related to backup repository or storage.
- 4.
Disable manual deletion of backup recovery points: Locate the option or setting that allows manual deletion of backup recovery points and disable it. This setting is typically found under retention policies or backup repository settings.
- 5.
Save and apply changes: Save the configuration changes made to disable manual deletion.
- 6.
Test the configuration: Perform a test backup to ensure that manual deletion of backup recovery points is disabled successfully.
By following these steps, you will ensure compliance with NIST 800-171 Revision 2 by disabling manual deletion of backup recovery points in your environment.