UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must support organizational requirements to conduct backups of information system documentation, including security-related documentation, per an organizationally defined frequency that is consistent with recovery time and recovery point objectives.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000137-FW-000084 SRG-NET-000137-FW-000084 SRG-NET-000137-FW-000084_rule Low
Description
Information system backup is a critical step in maintaining data assurance and availability. Information system and security related documentation contains information pertaining to system configuration and security settings. If this information was not backed up, and a system failure occurred, the security settings would be difficult to reconfigure quickly and accurately. Maintaining a backup of information system and security related documentation provides for a quicker recovery time when system outages occur. This control requires the firewall support the organizational central backup process for user account information associated with the firewall. This function may be provided by the firewall itself; however, the preferred best practice is a centralized backup rather than each network element performing discrete backups.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text ( C-SRG-NET-000137-FW-000084_chk )
Review the firewall backup configuration to determine if the firewall backs up the information system documentation, including security-related documentation, per an organizationally defined frequency that is consistent with recovery time and recovery point objective.

If the firewall implementation does not backup the information system documentation, including security-related documentation, this is a finding.
Fix Text (F-SRG-NET-000137-FW-000084_fix)
Configure the firewall implementation to conduct backups of information system documentation including security-related documentation per an organizationally defined frequency that is consistent with recovery time and recovery point objective.