If your information systems are secure and compliant, your backups should be too.
Many organizations make a wise business risk decision to backup and/or archive critical information systems. This decision is now more complicated for Aerospace and Defense companies required to meet DFARS 7012, not including the potential security audits coming through the newly drafted Cybersecurity Maturity Model Certification (CMMC). These information systems likely house Controlled Unclassified Information (CUI), and so too will the respective backups. CMMC Levels 2 and 3, as of the latest draft release, will include the requirement for backup.
With this in mind, it is critical to configure your backup environment to NIST 800-171 and meet the reporting requirements of DFARS 7012. One proper path is through a compliant Backup Solution in Azure Government. Below is a high level overview of this solution along with some example activities in the project.Azure Baseline Configuration - i.e. Build storage groups
Setup Conditional Access Policies - i.e. Establish suspect countries
Setup Azure Monitor and Reporting
Setup Azure Recovery Services
Azure Network Implementation - i.e. Virtual network and subnets
Azure Directory Implementation - i.e. Domain controllers and AD Connect
Establish least privilege using Azure RBAC
Azure frees you from upfront capital expenses and the time it takes to manage services locally. And that means you can focus on what’s important: running your business.
Safeguard your business with unmatched security management and threat protection for all backed up applications and data, whether they’re on-premises or in the cloud. Plus, Azure has more security and certifications than any other cloud provider for DoD contractors.