CUI in your backups needs the same protection as the original.
What it actually means
Protect the confidentiality of backup CUI at storage locations. Backups are a common blind spot: if your production CUI is protected but your backups aren't, you have a gap. Encrypt backups and secure the location — cloud or physical — where they're stored.
Pass or fail — an assessor needs a "yes" to each
- Is CUI in backups protected (encrypted and access-controlled) at the storage location?
What to have ready
- Backup encryption and access configuration
- Description of backup storage security
Where teams trip up
- Encrypted production data but plaintext backups
- Backups in an unsecured location or an unrestricted cloud bucket
See where this control puts your score
Run all 110 requirements free in about 10 minutes.
Calculate your SPRS score →