bigforceone
NIST 800-171 r3 · System and Communications Protection

03.13.03

What this control requires

Source: NIST SP 800-171 R3 §03.13.03 (official control text).

Why this matters

System backup protects organizational operations from data loss caused by equipment failure, human error, ransomware, or natural disasters. Without verified backups, a single incident can destroy critical business records, intellectual property, customer data, and operational continuity. This control requires organizations to establish scheduled backup processes, protect backup media from the same threats affecting primary systems, and periodically test restoration to ensure backups actually work when needed. Backups must cover system-level information (operating configurations, application states) and user-level information (documents, databases, email) essential to mission operations.

What evidence assessors expect

Assessors typically look for: screenshot, PDF, photo. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls

SC.L2-3.13.3

See your live posture on 03.13.03.

FORCE shows where you stand on this control and walks you through closing it.

Start a free trial tenant →
← All controls