Ensure all DynamoDB tables are included in a backup plan to maintain data integrity and recovery options.
Rule | DynamoDB tables should be in a backup plan |
Framework | NIST Cybersecurity Framework (CSF) v1.1 |
Severity | ✔ Medium |
DynamoDB Backup Compliance with NIST Cybersecurity Framework (CSF) v1
The NIST Cybersecurity Framework (CSF) emphasizes the importance of maintaining data integrity and availability through regular backups. As such, it's crucial to include Amazon DynamoDB tables in your organization's backup plan.
Overview of NIST CSF Compliance for DynamoDB
The NIST CSF v1 requires organizations to implement recovery planning and routine data backup processes. For DynamoDB, this implies:
Creating DynamoDB Backups for CSF Compliance
Step-by-Step Guide
1. Automated Backup Configuration
2. On-Demand Backup (for individual table)
Necessary AWS CLI Commands
Enable PITR:
aws dynamodb update-continuous-backups --table-name <TableName> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True
Create On-Demand Backup:
aws dynamodb create-backup --table-name <TableName> --backup-name <BackupName>
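To confirm that every table is actually covered by one of the two mechanisms above, the following added example (not from the original page or from AWS) walks all tables in the current region and flags any that have neither PITR enabled nor an available backup. The function names, the `--run` switch and the OK/UNPROTECTED verdicts are assumptions of this example; it treats a failed API call as unprotected.

```shell
#!/bin/sh
# Added example, not from the original page: audit every DynamoDB table in the
# current region for PITR or at least one available backup.

# Print "<table> PITR=<status> backups=<count> <verdict>" for one table.
check_table() {
    table=$1
    # PITR status is ENABLED or DISABLED; a failed call is reported as UNKNOWN.
    pitr=$(aws dynamodb describe-continuous-backups --table-name "$table" \
        --query 'ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus' \
        --output text 2>/dev/null) || pitr=UNKNOWN
    # Count available backups of any type; a failed call counts as 0.
    count=$(aws dynamodb list-backups --table-name "$table" --backup-type ALL \
        --query "length(BackupSummaries[?BackupStatus=='AVAILABLE'])" \
        --output json 2>/dev/null) || count=0
    # Guard against empty or non-numeric output before the numeric test.
    case $count in ''|*[!0-9]*) count=0 ;; esac
    if [ "$pitr" = "ENABLED" ] || [ "$count" -gt 0 ]; then
        verdict=OK
    else
        verdict=UNPROTECTED
    fi
    printf '%s PITR=%s backups=%s %s\n' "$table" "$pitr" "$count" "$verdict"
}

# Check every table; return 1 if any table has neither PITR nor a backup.
audit_tables() {
    rc=0
    for t in $(aws dynamodb list-tables --query 'TableNames[]' --output text); do
        line=$(check_table "$t")
        echo "$line"
        case $line in *UNPROTECTED) rc=1 ;; esac
    done
    return "$rc"
}

# Run the audit only when asked, e.g.: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_tables
fi
```

The non-zero exit status on any UNPROTECTED table lets the script gate a scheduled job or CI check.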
Verification and Access Control
Verify Backup Integrity
Periodically check the integrity of the backups by restoring a test table from a backup.
Implement IAM Policies for Access Control
Create IAM policies that restrict backup access to authorized personnel only.
CLI Command for Backup Verification (restore to test table)
aws dynamodb restore-table-from-backup --target-table-name <TestTableName> --backup-arn <BackupARN>
Restoration Process
In the event of data loss:
Restoration Steps
CLI Command for Table Restoration
aws dynamodb restore-table-to-point-in-time --source-table-name <TableName> --target-table-name <NewTableName> --restore-date-time <RestoreDateTime>
By integrating DynamoDB tables into your backup plan, you help ensure compliance with the NIST Cybersecurity Framework. The process helps protect your data against incidents and aligns with the CSF's goal of maintaining organizational resilience. Accurate implementation and regular verification of backups are crucial steps in this process.