CCC.RDMS.CN04: Access Control for Backup and Restore Operations

Control ID: CCC.RDMS.CN04
Title: Access Control for Backup and Restore Operations
Objective: Restrict who can initiate, manage, and validate database backup or restore operations through strict role-based or least-privilege access. Prevents accidental or malicious restorations, protecting data integrity and availability.
Control Family: Identity and Access Management

Related Threats

| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
| --- | --- | --- | --- | --- | --- |
| CCC.RDMS.TH04 | Unintentional Database Backup Restoration | A database backup may be restored unintentionally, potentially leading to the loss or overwrite of current data. This condition could disrupt operations and result in data inconsistency or corruption. | 1 | 1 | 0 |

Related Capabilities

| ID | Title | Description |
| --- | --- | --- |
| CCC.Core.CP11 | Backup | The service can generate copies of its data or configurations in the form of automated backups, snapshot-based backups, or incremental backups. |

Guideline Mappings

| Reference ID | Entry ID | Strength | Remarks |
| --- | --- | --- | --- |
| NIST-CSF | PR.AC-4 | 0 | - |
| NIST_800_53 | AC-6 | 0 | - |

Assessment Requirements

| ID | Description | Applicability |
| --- | --- | --- |
| CCC.RDMS.CN04.AR01 | When there is an attempt to perform a backup or restore, then the attempt must fail with an access denied message if the credentials or roles used are not explicitly authorized for backup/restore functions. | tlp-red, tlp-amber |