5.1.3. Security Controls for Asset Management and Backups

💡 First Principle: Asset management ensures you know what resources exist and their security state. Backup security ensures recovery data cannot be compromised or deleted.

Backup Security Controls

• Soft delete for backup data: Retain deleted backup data for 14 days
• MFA for critical operations: Require MFA to delete backups
• Private endpoints: Secure backup traffic