NIST 800-53 CP-9 Mappings

System-level information includes system state information, operating system software, middleware, application software, and licenses. User-level information includes information other than system-level information. Mechanisms employed to protect the integrity of system backups include digital signatures and cryptographic hashes. Protection of system backup information while in transit is addressed by MP-05 and SC-08. System backups reflect the requirements in contingency plans as well as other organizational requirements for backing up information. Organizations may be subject to laws, executive orders, directives, regulations, or policies with requirements regarding specific categories of information (e.g., personal health information). Organizational personnel consult with the senior agency official for privacy and legal counsel regarding such requirements.


Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CP-9 System Backup Protects T1003 OS Credential Dumping
CP-9 System Backup Protects T1003.003 NTDS
CP-9 System Backup Protects T1070 Indicator Removal on Host
CP-9 System Backup Protects T1070.001 Clear Windows Event Logs
CP-9 System Backup Protects T1070.002 Clear Linux or Mac System Logs
CP-9 System Backup Protects T1119 Automated Collection
CP-9 System Backup Protects T1485 Data Destruction
CP-9 System Backup Protects T1486 Data Encrypted for Impact
CP-9 System Backup Protects T1490 Inhibit System Recovery
CP-9 System Backup Protects T1491 Defacement
CP-9 System Backup Protects T1491.001 Internal Defacement
CP-9 System Backup Protects T1491.002 External Defacement
CP-9 System Backup Protects T1561 Disk Wipe
CP-9 System Backup Protects T1561.001 Disk Content Wipe
CP-9 System Backup Protects T1561.002 Disk Structure Wipe
CP-9 System Backup Protects T1565 Data Manipulation
CP-9 System Backup Protects T1565.001 Stored Data Manipulation
CP-9 System Backup Protects T1565.003 Runtime Data Manipulation