Backup Recovery Points Manual Deletion Should Be Disabled Rule
This rule ensures that manual deletion of backup recovery points is disabled for better data security.
| Rule | Backup recovery points manual deletion should be disabled |
| Framework | NIST Cybersecurity Framework (CSF) v1.1 |
| Severity | ✔ Medium |
Rule/Policy: Backup Recovery Points Manual Deletion Disabled for NIST Cybersecurity Framework (CSF) v1
Description: The rule requires the manual deletion of backup recovery points to be disabled for compliance with the NIST Cybersecurity Framework (CSF) v1. This ensures that backup data remains intact and accessible for recovery purposes, minimizing the risk of data loss or unauthorized removal.
Troubleshooting Steps: If manual deletion of backup recovery points is not disabled or is not functioning as intended, follow these troubleshooting steps:
- 1.
Verify Backup Configuration: Check the backup software or solution being used and confirm that automatic deletion settings are properly configured and enabled.
- 2.
Review Access Controls: Ensure that only authorized personnel have permissions to manage and delete backup recovery points. Review the access controls and permissions granted to users or groups within the backup system.
- 3.
Monitor Audit Logs: Regularly monitor the audit logs of the backup system to detect any unauthorized attempts to delete recovery points. Investigate any anomalies or suspicious activities promptly.
- 4.
Conduct Testing: Perform periodic tests to validate the integrity and accessibility of backup recovery points. This ensures that the backup solution is functioning as expected and that recovery points can be accessed when needed.
Necessary Codes: There are no specific codes associated with this rule/policy.
Remediation Steps: To disable manual deletion of backup recovery points and ensure compliance with the NIST Cybersecurity Framework (CSF) v1, follow these step-by-step remediation instructions:
- 1.
Identify Backup Solution: Determine the backup software or solution being utilized in your environment.
- 2.
Access Configuration Settings: Open the backup solution's management console or interface.
- 3.
Locate Deletion Control Settings: Navigate to the configuration or settings section related to recovery points or backup retention.
- 4.
Disable Manual Deletion: Locate the option or setting that enables manual deletion of recovery points and disable it. This action may vary depending on the backup solution in use.
- 5.
Save and Apply Changes: After disabling manual deletion, save the configuration changes and ensure they are applied to the backup solution.
- 6.
Verify Functionality: Test the backup solution to ensure that manual deletion is now disabled. Attempt to delete a recovery point manually to confirm that it is prohibited.
Remember to document the changes made and update related documentation or policies accordingly to reflect the disabled manual deletion of backup recovery points.
Note: It is critical to balance retention periods for backup recovery points with storage capacity requirements and regulatory compliance. Adjust backup retention policies and practices as needed to align with organizational needs while adhering to compliance requirements.