# Restoration Dependency Analyzer (NIST RC.RP)

> Draft and validate System Restoration Sequence & Integrity Verification plans aligned with NIST CSF 2.0 RC.RP. Ensures restoration order respects service dependencies and that backup verification and security integrity checks are explicit before go-live.



Tags: NIST CSF, Disaster Recovery, Recovery Planning, Integrity Verification, RC.RP


## Example Prompts

- Define the restoration order for our multi-tier app and ensure the database is restored before the app server
- Audit our restoration runbook — flag any restore-from-backup step that doesn't verify backup integrity first
- Draft a System Restoration Sequence & Integrity Verification plan for NIST CSF 2.0 RC.RP
- Add a Security Integrity Verification step before our systems go live after restore

URL: https://rakenne.app/skills/restoration-dependency-analyzer/index.md

Try this skill: https://rakenne.app/a/?skill=restoration-dependency-analyzer



## Overview

Draft and validate System Restoration Sequence & Integrity Verification plans aligned with NIST CSF 2.0 RC.RP. Ensures restoration order respects service dependencies (e.g. database before application server) and that backup verification and security integrity checks are explicit before go-live. One extension tool, **clean_backup_protocol_audit**, runs on the restoration plan document and fails when the plan assumes "restore from backup" without an explicit step to verify the backup was not corrupted or encrypted by an attacker.

## Example Conversation

> **You:** We're drafting a restoration runbook for our multi-tier app. We restore the database from last night's backup, then bring up the app servers. Can you draft the sequence and run your validations?

> **Agent:** I'll draft the restoration sequence with a service map (network → DB → app servers) and run **clean_backup_protocol_audit** on the draft. If the plan mentions restoring from backup, the audit will require an explicit backup verification step (NIST RC.RP).

> **Agent:** I've written the runbook in `restoration-runbook.md`. Running **clean_backup_protocol_audit**...

> **Agent:** Result of **clean_backup_protocol_audit**:
>
> === CLEAN BACKUP PROTOCOL AUDIT ===
> Result: FAIL
> Document: restoration-runbook.md
> Plan mentions restoring from backup (e.g. last night, backup copy).
> No explicit backup verification or integrity-check step found.
> FAIL: Plan assumes restore from backup but does not include a step to verify the backup itself was not corrupted or encrypted by an attacker. Add a Security Integrity Verification step before restore (NIST CSF 2.0 RC.RP).
>
> I'll add a step *before* the database restore: "Verify backup integrity (checksum / integrity check; confirm backup was not corrupted or encrypted by attacker)." Then I'll re-run the audit.

> **Agent:** Re-running **clean_backup_protocol_audit**...
>
> === CLEAN BACKUP PROTOCOL AUDIT ===
> Result: PASS
> Plan mentions restoring from backup. Backup integrity / verification step found.
> Protocol is acceptable: backup verification is documented.
>
> The runbook now passes. I've also added a pre-go-live step: security integrity verification (e.g. malware scan) before returning traffic to the restored system.

## Output Excerpt

After the agent drafts the restoration plan and resolves any audit failures, the document typically includes a service map, ordered steps with dependencies, backup verification, and a pre-go-live integrity check. Excerpt:

```markdown
# System Restoration Sequence — Multi-tier application (NIST RC.RP)

## Service map and dependency order

1. Core network / DNS  
2. IAM / directory (depends: network)  
3. Primary database (depends: network, IAM)  
4. Application servers (depends: network, IAM, database)  
5. API gateway / load balancer (depends: app servers)

Restoration steps must follow this order; database is restored before application servers.

## Restoration sequence

1. **Restore core network and DNS** — Bring up network and DNS so dependent systems can resolve and connect.

2. **Verify backup integrity** — Before restoring from backup: run checksum or integrity check on the database backup; confirm the backup was not corrupted or encrypted by an attacker. Do not proceed to restore until verification passes. (Security Integrity Verification — NIST RC.RP.)

3. **Restore database from last known good backup** — Restore primary database from the verified backup. Start replication if applicable.

4. **Restore application servers** — Start app tier; confirm connectivity to database and IAM.

5. **Security integrity verification (pre-go-live)** — Scan restored systems for persistent malware, backdoors, or unexpected changes (e.g. file integrity, malware scan). Do not return production traffic until this step passes.

6. **Restore API gateway and resume traffic** — Bring gateway online and restore user traffic.
```

Running **clean_backup_protocol_audit** on this document would pass: the plan mentions restoring from backup and includes an explicit backup verification step before the restore.

## Extension Tool and Validations

The skill includes one validation tool that runs on the restoration plan document (Markdown or text).

**`clean_backup_protocol_audit`** — Run on the restoration plan draft before finalizing. Ensures that any "restore from backup" assumption is preceded by a documented backup verification step (NIST CSF 2.0 RC.RP).

**What it checks:**

- **Restore-from-backup detection** — The tool looks for phrases such as: "restore from last night", "restore from backup", "recover from backup", "restore the database from backup", "use last night's backup", "restore from last known good". If none are found, the audit passes (no backup restore assumed).
- **Backup verification detection** — If restore-from-backup is present, the tool looks for an explicit backup integrity or verification step. It accepts phrases such as: "verify the backup", "backup integrity", "verify backup was not corrupted/encrypted", "backup integrity verification", "checksum verification of backup", "validate backup before restore", "pre-restore verification", "security integrity verification", "backup not corrupted/encrypted by attacker", "integrity check of backup", "corruption/encryption check on backup".
- **Result** — **PASS** when either (1) the plan does not mention restoring from backup, or (2) it mentions restore-from-backup and also includes at least one backup verification phrase. **FAIL** when the plan mentions restore-from-backup but has no backup verification step — with a message to add a Security Integrity Verification step before restore.

Run this tool after drafting the restoration sequence and before finalizing the runbook. Resolve FAIL by adding a clear step that verifies the backup (e.g. checksum, integrity check, confirm not corrupted or encrypted by attacker) before any restore-from-backup step.

## Getting Started

Add your source materials to the project workspace, then activate the *Restoration Dependency Analyzer (NIST RC.RP)* skill. The agent will guide you through the service map, restoration sequence, integrity steps, and audit. Run **clean_backup_protocol_audit** on the plan document and fix any FAIL before finalizing.


---

Back to [Skill Library](https://rakenne.app/skills/index.md)