PR.DS-11
Backups of data are created, protected, maintained, and tested
Implementation examples
- Ex1: Continuously back up critical data in near-real-time, and back up other data frequently at agreed-upon schedules
- Ex2: Test backups and restores for all types of data sources at least annually
- Ex3: Securely store some backups offline and offsite so that an incident or disaster will not damage them
- Ex4: Enforce geographic separation and geolocation restrictions for data backup storage
Mapped NIST 800-53 r5 controls (2)
Mapped CWE weaknesses (1)
Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.
All informative references (43)
- CCMv4.0: BCR-08
- CCMv4.0: CEK-18
- CCMv4.0: DSP-16
- CCMv4.0: DSP-19
- CCMv4.0: LOG-02
- CCMv4.0: LOG-09
- CIS Controls v8.0: 11.2
- CIS Controls v8.0: 11.3
- CIS Controls v8.0: 11.5
- CIS Controls v8.1: 11.2
- CIS Controls v8.1: 11.3
- CIS Controls v8.1: 11.5
- CRI Profile v2.0: PR.DS-11
- CRI Profile v2.0: PR.DS-11.01
- CSF v1.1: PR.IP-4
- IRP: IRP-Sec-6
- IRP: IRP-Sec-6
- IRP: IRP-Sec-6
- ISO/IEC 27001:2022: Mandatory Clause: None
- ISO/IEC 27001:2022: Annex A Controls: 8.13
- NICE Framework: DD-WRL-007
- NICE Framework: IO-WRL-002
- NICE Framework: IO-WRL-005
- NICE Framework: IO-WRL-006
- NICE Framework: PD-WRL-001
- OWASP Top 10 LLM Applications: LLM04-2025
- PCI DSS: 12.10.1
- PCI DSS: 9.4.7
- PCI DSS: 9.3.1.1
- PCI DSS: 9.4.1.1
- PCI DSS: 9.4.1.2
- SCF: BCD-11
- SCF: BCD-11.1
- SCF: BCD-11.5
- SCF: BCD-11.6
- SDOS: SDOS-IN-01
- SDOS: SDOS-IN-02
- SP 800-171 Rev 3: 03.08.09
- SP 800-53 Rev 5.1.1: CP-06
- SP 800-53 Rev 5.1.1: CP-09
- SP 800-53 Rev 5.2.0: CP-06
- SP 800-53 Rev 5.2.0: CP-09
- SSDF: PS.3.1
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).