Framework: NIST 800-53 Rev 5
Okta backup and disaster recovery for NIST 800-53
NIST 800-53 Rev 5 expects systems handling sensitive information to have backup, restore, and audit-evidence controls covering the identity layer. Butterfly's Audit Pack is built to map directly to the relevant control families.
Scope
In-scope control families
- CP-9 — System Backup
- CP-10 — System Recovery and Reconstitution
- AC-2 — Account Management
- AU-2 — Event Logging
Coverage mapping
How Butterfly maps to NIST 800-53 Rev 5
CP-9 — System Backup
Scheduled, encrypted snapshots of every Okta resource type with documented retention.
CP-10 — System Recovery and Reconstitution
Restore preview + Restore Readiness Score per connection.
AC-2 — Account Management
Point-in-time history of every user, group, and role mapping — diffable and restorable.
AU-2 — Event Logging
Every backup, restore, and Audit Pack export is logged with actor attribution and SHA-256 manifest.
FAQ
Does the Audit Pack support NIST 800-53 control narratives?
Yes. It is framework-filterable to 800-53 and the export endpoint returns a SHA-256 manifest for chain-of-custody.
Is Butterfly FedRAMP-authorized?
Not currently. We can support customers whose Okta tenant is part of their own ATO boundary; data-flow is documented in the Trust Center.
Does Butterfly meet AU-2 event-logging expectations for the identity layer?
Backup, restore, classification, and export are all event-logged. Logs feed the Audit Pack with actor attribution.
Other frameworks