Backups

US-CERT states that all computer users, from home users to professional information security officers, should back up the critical data they have on their desktops, laptops, servers, and even mobile devices to protect it from loss or corruption. Saving just one backup file may not be enough to safeguard your information. To increase your chances of recovering lost or corrupted data, follow the 3-2-1 rule:

3 – Keep 3 copies of any important file: 1 primary and 2 backups.
2 – Keep the files on 2 different media types to protect against different types of hazards.
1 – Store 1 copy offsite (e.g., outside your home or business facility).
(Source)

AT&T Cybersecurity – Data Protection This resource provides a list of free and commercial tools used for data protection that includes encryption products.
Carnegie Mellon University – Security & Backup
DataONE – Backup your data
This link from DataONE provides a list of data backup best practices.
DataONE – Create and document a data backup policy
This link provides best practices for creating and documenting a backup policy.
datto – What is Disaster Recovery Testing? This blog post discusses disaster recovery testing of data backups.
DoD Procurement Tool Box – FAQ 98: Protect the confidentiality of CUI at Rest This provides a response to an FAQ regarding protection of CUI at rest through physical and logical protections other than encryption.
Gartner – Data Center Backup and Recovery Solutions Gartner product listing and reviews of data backup and recovery solutions
GFI Software – 11 Ways to Protect your Backups Vendor resource that provides recommendations on how to protect your backup.
IBM – A resiliency leader’s checklist for backup and disaster recovery This IBM blog provides a checklist to assess backup and disaster recovery plans.
Lifewire – 5 Ways to Back Up Your Data
If you want to back up the data on your PC, here are five ways you can do so. Each method has its pros and cons.
NIST SP 800-34 Contingency Planning Guide for Federal Information Systems
This NIST Special Publication defines a seven-step contingency planning process that an organization may apply.
NIST SP 800-53: CP–9 Information System Backup NIST resource that defines requirements for system backup activities.
NIST SP 800-53: SC-28 Protection of Information at Rest NIST resource that define requirements for proper protection of information at rest (e.g, encryption, off-line storage, physical protection)
Ready.gov – IT Disaster Recovery Plan
Solutions Review – A Step By Step Guide to Backup Testing This article describes the importance of backup identification and proper testing of those backups to ensure successful recovery in the event of an incident
StorageCraft – A Simple Guide to Effective Backup Testing This blog post discusses need to test backups and how to effectively do so.
Tech Republic – Disaster recovery worst practices: Don’t test your backups This article discusses why testing backups is critical.
Tech Target – Ten important steps for testing backups This article examines the ten most important steps for testing data backups.
Technopedia – Disaster Recovery as a Service (DRaaS) This article defines Disaster Recovery as a Service (DRaaS) which may provide a viable option to organizations that are resource constrained to perform complete, comprehensive and resilient data backups.
University of Michigan – Disaster Recovery Planning and Data Backup for Information Systems and Services This example standard describes and defines data backups in the context of disaster recovery planning.
University of Utah – Information Technology Data Backup and Recovery Policy This example policy documents data backup and recovery procedures, protocols, and standards. It covers the data backup schedule, backup protocols, backup retention, and data recovery.
US-CERT – Data Backup Options
This paper summarizes the pros, cons, and security considerations of backup options for critical personal and business data.

NIST Handbook 162 NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements
This Handbook provides a step-by-step guide to assessing a small manufacturer’s information systems against the security requirements in NIST SP 800-171 rev 1.
NIST SP 800-171A Assessing Security Requirements for Controlled Unclassified Information
The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171.
NIST SP 800-84 Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
This NIST Special Publication helps organizations in designing, developing, conducting, and evaluating test, training, and exercise events.

Resources

Legal