YALE-MSS-7.1: Back up user-level and system-level data

Standards Group: YALE-MSS-7: Data Protection

  • Endpoint: Low Risk: Not Required; Moderate Risk: Required; High Risk: Required
  • Server: Low Risk: Not Required; Moderate Risk: Required; High Risk: Required
  • Mobile Device: Low Risk: Not Required; Moderate Risk: Not Required; High Risk: Not Required
  • Network Printer: Low Risk: Not Required; Moderate Risk: Not Required; High Risk: Not Required

Details

Backups of user‑ and system‑level data frequently contain sensitive information. Moreover, the value of backups depends on their integrity—there is little benefit in restoring a backup that has been tampered with or corrupted.

Data recovery capabilities are essential for maintaining system integrity and ensuring availability. In the event of a security incident—such as a ransomware attack—effective data recovery can:

  • Restore lost or compromised data
  • Help verify whether information has been altered or tampered with

To protect the confidentiality and integrity of backup data, strong encryption should be applied both in transit (when information is transmitted over a network) and at rest (when information is stored). This ensures backups remain secure throughout their entire lifecycle.

Back up data to another system or device. Whenever feasible, implement an automated network backup. This keeps a copy of the data off the IT system being backed up, which improves resilience.

All selected backup technologies must meet the Minimum Security Standards for the risk classification.

Ensure backups are encrypted in transit and at rest, with the following exceptions for encryption at rest:

  • For moderate risk systems, encryption at rest is not required provided that backup devices are stored in physically secure spaces.
  • For high risk systems, encryption at rest is not required if backup devices are hosted in Yale data centers or by vendors in secure data centers.

This standard is met for any workstation enrolled in the managed workstation program.