The application server must back up application server configuration data on an automated basis.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35257	SRG-APP-000146-AS-000100	SV-46544r1_rule		Medium

Description
Information system backup is a critical step in maintaining data assurance and availability. Application server configuration information includes all data relevant to the successful recovery of the application server itself. Backups shall be consistent with organizational recovery time and recovery point objectives. The application server must be configured to automatically invoke backups of the application server configuration information.

Description

Information system backup is a critical step in maintaining data assurance and availability. Application server configuration information includes all data relevant to the successful recovery of the application server itself. Backups shall be consistent with organizational recovery time and recovery point objectives. The application server must be configured to automatically invoke backups of the application server configuration information.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43625r1_chk )
Review the AS configuration and organizational policy to determine backup strategy. Backups must be consistent with recovery time and recovery point objectives. If application server configuration data are not backed up on an automated basis, this is a finding.

Fix Text (F-39803r1_fix)
Implement automated system level backup strategy and include AS configuration data.