UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

E-mail backup and recovery data must be protected.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18882 EMG3-009 EMail SV-20677r1_rule COBR-1 Medium
Description
All automated information systems are at risk of data loss due to disaster or compromise. Failure to provide adequate protection to the backup and recovery data exposes it to risk of potential theft or damage that may ultimately prevent a successful restoration, should the need become necessary. Adequate protection ensures that backup components can be used to provide transparent or easy recovery from losses or operations outages. Backup files need the same protections against unauthorized access when stored on backup media as when online and actively in use by the E-mail system. Included in this category are physical media, online configuration file copies, and any user data that will need to be restored.
STIG Date
Email Services Policy 2012-01-31

Details

Check Text ( C-22536r1_chk )
Procedure: Interview the E-mail Administrator or the IAO. Access the System Security Plan documentation that describes protections for the Backup and Recovery data. Direct access must be granted to only processes and personnel who are responsible for handling that data.

Criteria: If E-mail backup and recovery data and processes are restricted to authorized groups, this is not a finding.
Fix Text (F-19579r1_fix)
Ensure that only E-mail Administrator and authorized backup and restore personnel have access to E-Mail services backup and restore data.