The objective of PMC8 is to ensure a backup and recovery process is defined an adhered to, such that the business can be confident of integrity and availability of the network resources.
Protective Monitoring, also known as Good Practice Guide 13, or GPG13, is a UK government recommended set of people and business processes and technology to improve company risk profiles.
The GPG13 standard includes twelve Protective Monitoring Controls,. The below section explains what requirements must be met to meet your obligations for Protective Monitoring Control number eight.
Depending on the Impact Level of the organisations data that you are trying to protect you will have one of four recording profiles.
The required Recording Profiles for each Impact Level Data is described below:
Impact Level 1 Data – Recording Profile Aware
Impact Level 2 Data – Recording Profile Deter
Impact Level 3 Data – Recording Profile Deter
Impact Level 4 Data – Recording Profile Detect and Resist
Impact Level 5 Data – Recording Profile Defend
Impact Level 6 Data – Recording Profile Defend
Below is a summary of your obligations under each recording profile:
Aware
Report on Backup, Test and Recovery operations
Alert on Backup, Test and Recovery operation failures
Deter
Ensure you meet the requirements of lower recording profiles
Detect and Resist
Ensure you meet the requirements of lower recording profiles
Report on Backup, Test and Recovery operations including catalog details
Defend
Ensure you meet the requirements of lower recording profiles
Report on Backup, Test and Recovery operations including catalog details, site information and version information
Technology Required
Backup and Recovery Software
The Backup and Recovery Software needs to be able to run regular backups and be able to test the integrity of those backups.
It is recommended that test recoveries are run on a regular basis to ensure the backups are running successfully.
Backups should be stored off-site.
Notes:
The biggest challenge with this Protective Monitoring Control is producing the level of detailed required for the reports and alerts. Most SIEM solutions will not be able to provide you with this level of audit and accounting logs, you will therefore need to ensure that your Backup software can provide the relevant details.