CIS Logo
tagline: Confidence in the Connected World
HomeCIS ControlsCIS Control 10: Data Recovery Capability
Young men working on a computer

CIS Control 10

Data Recovery Capability

Key Principle:

The processes and tools used to properly back up critical information with a proven methodology for timely recovery of it.

Why is this CIS Control critical?

When attackers compromise machines, they often make significant changes to configurations and software. Sometimes attackers also make subtle alterations of data stored on compromised machines, potentially jeopardizing organizational effectiveness with polluted information. When the attackers are discovered, it can be extremely difficult for organizations without a trustworthy data recovery capability to remove all aspects of the attacker’s presence on the machine.

Main Points:
  • Ensure that each system is automatically backed up on at least a weekly basis, and more often for systems storing sensitive information. To help ensure the ability to rapidly restore a system from backup, the operating system, application software, and data on a machine should each be included in the overall backup procedure. These three components of a system do not have to be included in the same backup file or use the same backup software. There should be multiple backups over time, so that in the event of malware infection, restoration can be from a version that is believed to predate the original infection. All backup policies should be compliant with any regulatory or official requirements.
  • Test data on backup media on a regular basis by performing a data restoration process to ensure that the backup is properly working.

See the full text of this CIS Control and the other 20 CIS Controls

Secure Your Organization Against the Most Common Attack Vectors


Arrow First 5 CIS Controls Arrow All 20 CIS Controls

Developed, validated and prioritized by a volunteer community of cybersecurity experts.

Information Hub: Data Recovery Capability