CMMC 1.0 Practice RE.3.139 Requirement:

Regularly perform complete and comprehensive data back-ups and store them off-site and offline.

CMMC 1.0 RE.3.139 Requirement Explanation:

Backups are important because they allow to recover from security incidents and systems failures.

Example CMMC 1.0 RE.3.139 Implementation:

Identify key systems in your organization such as your file server and active directory server. Create a backup policy defining the types of backups you perform (e.g. weekly full system backups and daily incremental backups). Backup your key systems in accordance with your backup policy. You must keep full system backups of key systems. You must also ensure that you have at least one offline backup of each of your key systems and keep a copy at an off-site location. There are companies that offer off-site backup storage services.

CMMC 1.0 RE.3.139 Scenario(s):

- Scenario 1:

You have a backup policy requiring that key systems are backed up. Your policy requires daily incremental backups and weekly full backups. It also requires that you keep two offline backups. One stays at your facility and the other is sent to an off-site storage site.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.