CMMC 1.0 Practice RE.3.139 Requirement:
Regularly perform complete and comprehensive data back-ups and store them off-site and offline.
CMMC 1.0 RE.3.139 Requirement Explanation:
Backups are important because they allow to recover from security incidents and systems failures.
Example CMMC 1.0 RE.3.139 Implementation:
Identify key systems in your organization such as your file server and active directory server. Create a backup policy defining the types of backups you perform (e.g. weekly full system backups and daily incremental backups). Backup your key systems in accordance with your backup policy. You must keep full system backups of key systems. You must also ensure that you have at least one offline backup of each of your key systems and keep a copy at an off-site location. There are companies that offer off-site backup storage services.
CMMC 1.0 RE.3.139 Scenario(s):
- Scenario 1:
You have a backup policy requiring that key systems are backed up. Your policy requires daily incremental backups and weekly full backups. It also requires that you keep two offline backups. One stays at your facility and the other is sent to an off-site storage site.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.