CMMC Practice RE.2.137

Regularly perform and test data backups.


CMMC Version 1.02, pg. 196

Bold Coast Security Guidance

For Level 1 compliance you must have a consistent practice in place to backup CUI data, and periodically test backups to ensure they are viable and effective. For Level 2, your formal written policy must require backups and backup testing. Your security plan for Maturity Level 3 should include a description of your backup methodology and testing plan. It's important to also backup confidential or proprietary data, as well as "system state" so the recovery time is significantly decreased.

Discussion From Source

CMMC Backups are used to recover data in the event of a hardware or software failure. Backups should be performed regularly based on an organizational defined frequency . They should be tested regularly to ensure they are performing as expected.