NIST 800-53 REV 5 • CONTINGENCY PLANNING

CP-9(2)Test Restoration Using Sampling

Use a sample of backup information in the restoration of selected system functions as part of contingency plan testing.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Organizations need assurance that system functions can be restored correctly and can support established organizational missions. To ensure that the selected system functions are thoroughly exercised during contingency plan testing, a sample of backup information is retrieved to determine whether the functions are operating as intended. Organizations can determine the sample size for the functions and backup information based on the level of assurance needed.

Practitioner Notes

This enhancement requires you to test restoration using a sample of your backups — verifying that a representative set of your backup data can be successfully recovered.

Example 1: Each quarter, select three random backup sets from different systems and perform a test restoration to a lab environment, documenting the results and any issues found.

Example 2: Use Azure Backup restore verification to periodically restore random files and database tables from different backup dates and verify data integrity.

More Contingency Planning Controls

CP-1 Policy and Procedures CP-2 Contingency Plan CP-2(1) Coordinate with Related Plans CP-2(2) Capacity Planning