The application server must conduct automated backups of application-level information contained in the application server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35254	SRG-APP-000146-AS-000099	SV-46541r1_rule		Medium

Description
Information system backup is a critical step in maintaining data assurance and availability. Application-level information includes all data relevant to the successful recovery of the application domain. Backups shall be consistent with organizational recovery time and recovery point objectives. The application server must provide the capability to back up the application domains and application related configuration information.

Description

Information system backup is a critical step in maintaining data assurance and availability. Application-level information includes all data relevant to the successful recovery of the application domain. Backups shall be consistent with organizational recovery time and recovery point objectives. The application server must provide the capability to back up the application domains and application related configuration information.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43609r1_chk )
Review the AS configuration and organizational policy to determine backup strategy. Backups must be consistent with recovery time and recovery point objectives. If application level data are not backed up on an automated basis, this is a finding.

Fix Text (F-39787r1_fix)
Implement automated application-level backup strategy.