Back-up copies of the application software or source code must be stored in a fire-rated container or stored separately (offsite).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-70357	APSC-DV-003080	SV-84979r1_rule		Medium

Description
Application developers and application administrators must take steps to ensure continuity of development effort and operations should a disaster strike. Steps include protecting back-up copies of development code and application software. Improper storage of the back-up copies can result in extended outages of the information system in the event of a fire or other situation that results in destruction of the back-up as well as the operating copy. To address this risk, copies of application software and application source code must be stored in a fire-rated container or separately (offsite) from the operational or development environments.

Description

Application developers and application administrators must take steps to ensure continuity of development effort and operations should a disaster strike. Steps include protecting back-up copies of development code and application software. Improper storage of the back-up copies can result in extended outages of the information system in the event of a fire or other situation that results in destruction of the back-up as well as the operating copy. To address this risk, copies of application software and application source code must be stored in a fire-rated container or separately (offsite) from the operational or development environments.

STIG	Date
Application Security and Development Security Technical Implementation Guide	2017-03-20

Details

Check Text ( C-70811r1_chk )
When reviewing a COTS or GOTS application, verify that a back-up copy of the software is stored in a fire rated container or is stored separately (offsite) from the operational environment. Determine if application development is done in-house. If application development occurs in-house and source code is available, verify a back-up copy of the source code is kept in a fire-rated container or stored offsite from the development environment. If back-up copies of the application software or source code are not stored in a fire-rated container or stored separately (offsite) from their respective environments, this is a finding.

Check Text ( C-70811r1_chk )

When reviewing a COTS or GOTS application, verify that a back-up copy of the software is stored in a fire rated container or is stored separately (offsite) from the operational environment.

Determine if application development is done in-house.

If application development occurs in-house and source code is available, verify a back-up copy of the source code is kept in a fire-rated container or stored offsite from the development environment.

If back-up copies of the application software or source code are not stored in a fire-rated container or stored separately (offsite) from their respective environments, this is a finding.

Fix Text (F-76593r1_fix)
Store a back-up copy of the application software and source code in a fire-rated container or store it separately (offsite) from their respective environments.