Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Rule: Backup Recovery Points Manual Deletion Should Be Disabled

This rule ensures that manual deletion of backup recovery points is disabled to maintain data integrity.

RuleBackup recovery points manual deletion should be disabled
FrameworkNIST Cybersecurity Framework (CSF) v1.1
Severity
Medium

Backup Recovery Points Manual Deletion Rule for NIST CSF v1

Rule Description

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) Version 1 outlines a set of best practices for improving cybersecurity. Within this framework, it is recommended to protect information and assets from data loss by maintaining secure and reliable backup solutions. Disabling manual deletion of backup recovery points is a measure that helps in preventing data loss due to accidental or malicious actions. The rule ensures that backups are immutable for a defined retention period, safeguarding critical data against unauthorized changes or deletions.

Troubleshooting

Troubleshooting Steps

In the event that backups cannot be made or recovery points are being deleted, follow these steps:

  1. 1.

    Verify Backup Permissions:

    • Ensure that the service accounts or users responsible for backups have appropriate permissions.
    • Review backup job configurations for any errors or misconfigurations.
  2. 2.

    Check System Logs:

    • Examine backup system logs to identify any error messages or failed jobs.
    • Search for events related to deletion actions and verify who initiated them.
  3. 3.

    Review Backup Policies:

    • Ensure that the backup policies comply with the NIST CSF recommendations.
    • Confirm that manual deletion settings are as expected and not modified.
  4. 4.

    Validate Retention Policies:

    • Confirm that retention periods are set and enforced correctly.
    • Make sure that immutable backup settings are configured and active.
  5. 5.

    Update Software:

    • Verify that the backup software and dependencies are up to date.
    • Apply patches if there are any known bugs related to backup immutability or retention.

Necessary Codes or Commands

There are no specific codes for the NIST CSF, but backup software and cloud platforms typically provide CLI commands to manage backup settings.

Remediation Steps

Disabling Manual Deletion

Follow these steps to implement the rule to disable manual deletion of backup recovery points:

  1. 1.

    Define Backup Retention Policy:

    • Determine the appropriate backup retention period that complies with organizational policies and regulatory requirements.
  2. 2.

    Configure Immutable Backup Settings:

    • Access the backup software or cloud provider's management console.
    • Navigate to the backup policy or recovery point settings.
    • Set the retention policy and enable immutability options to prevent manual deletion.
    • Save and apply these settings to the relevant backup jobs or policies.
  3. 3.

    Monitor Compliance:

    • Utilize monitoring tools to regularly check compliance with the set retention policy.
    • Set up alerts for any policy violations or attempts to manually delete backups.
  4. 4.

    Perform Regular Audits:

    • Schedule periodic audits of backup and recovery point settings to ensure ongoing compliance.
  5. 5.

    Documentation:

    • Document all changes, settings, and compliance measures in your organization’s security policy documentation.

Example CLI Command for AWS

Using AWS as an example, to set a backup plan with immutable backups, you can use the AWS CLI:

aws backup create-backup-plan --backup-plan file://my-backup-plan.json

Where

my-backup-plan.json
is a JSON file that contains the backup plan which includes rules for backup retention and immutability.

This command should be customized based on your organization's specific backup plan structure and AWS region. Make sure your AWS CLI is configured with the appropriate permissions before executing this command.

Implementing such rules contributes positively to SEO by ensuring the website's security and integrity, hence maintaining user trust. Regularly updated and compliant cybersecurity practices may be highlighted in website statements to increase confidence in the brand, possibly affecting the site's standing and visibility positively.

Is your System Free of Underlying Vulnerabilities?
Find Out Now