Backup Recovery Points Manual Deletion Disabled Rule
Ensure disabling manual deletion of backup recovery points to enhance data protection
| Rule | Backup recovery points manual deletion should be disabled |
| Framework | NIST Cybersecurity Framework (CSF) v1.1 |
| Severity | ✔ Medium |
Rule Description
The rule specifies that manual deletion of backup recovery points should be disabled for the NIST Cybersecurity Framework (CSF) v1. This means that users should not have the ability to manually delete backup recovery points, ensuring the availability and integrity of data in case of a cybersecurity incident.
Troubleshooting Steps
- Ensure that the backup solution in use supports the disabling of manual deletion of recovery points.
- Review the backup solution's documentation for instructions on how to disable manual deletion.
- Check if the necessary permissions are granted to the appropriate user roles or groups to prevent manual deletion.
- Verify if any security policies or procedures are in place that may be overriding the intended configuration.
Necessary Codes
No specific codes are provided for this rule.
Step-by-Step Guide for Remediation
- 1.
Identify the backup solution in use and access its administration interface.
- 2.
Refer to the backup solution's documentation or user guide to find the settings related to manual deletion of recovery points.
- 3.
Follow the documentation's instructions to disable the manual deletion feature.
- 4.
Verify that the changes have been successfully applied.
- 5.
Review the user roles or groups assigned to the backup solution and ensure that appropriate permissions are set to prevent manual deletion.
- 6.
Communicate the policy change and its implications to relevant stakeholders and users.
- 7.
Regularly monitor and audit the backup solution to ensure compliance with the rule.
Conclusion
Disabling manual deletion of backup recovery points for NIST Cybersecurity Framework (CSF) v1 helps to ensure that critical data is protected and available in the event of a cybersecurity incident. By following the provided troubleshooting steps and the step-by-step remediation guide, organizations can adhere to this rule and enhance their data protection capabilities.