If your information systems are secure and compliant, your backups should be too.
Many organizations make a wise business risk decision to backup and/or archive critical information systems. This decision is now more complicated for Aerospace and Defense companies required to meet DFARS 7012, not including the potential security audits coming through Cybersecurity Maturity Model 2.0 Certification (CMMC 2.0). These information systems likely house Controlled Unclassified Information (CUI), and if they do, they are required to meet the MP.L2-3.8.9 control. This simply states that you must protect the confidentiality of the backup CUI at storage locations.
With this in mind, it is critical to configure your backup environment to NIST 800-171/CMMC 2.0 Level 2 and meet the external cloud provider requirements of DFARS 7012. One proper path is through a compliant Backup Solution in Azure Government. Below is a high-level overview of this solution along with some example activities in the project.Azure Baseline Configuration - i.e. Build storage accounts
Setup Conditional Access Policies - i.e. Establish suspect countries
Setup Azure Monitor and Reporting
Setup Azure Recovery Vaults Services
Azure Network Implementation - i.e. Virtual network and subnets
Azure Site Recovery (Offsite DR Site)
Establish least privilege using Azure RBAC
Azure frees you from upfront capital expenses and the time it takes to manage services locally. And that means you can focus on what’s important: running your business.
Safeguard your business with unmatched security management and threat protection for all backed-up applications and data, whether they’re on-premises or in the cloud. Plus, Azure has more security and certifications than any other cloud provider for DoD contractors.