CP-9(4) — Protection from Unauthorized Modification

This enhancement requires you to protect backups from unauthorized modification — attackers increasingly target backups (especially during ransomware attacks) to prevent recovery.

Example 1: Enable immutable storage on your Azure Blob backup containers or use Veeam Hardened Repository on Linux to prevent anyone from modifying or deleting backups.

Example 2: Store backup copies on write-once media or use S3 Object Lock with compliance mode to ensure backups cannot be altered even by administrators.