UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must support organizational requirements to conduct backups of information system documentation including security related documentation per organizationally defined frequency that is consistent with recovery time and recovery point object


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000137-IDPS-000129 SRG-NET-000137-IDPS-000129 SRG-NET-000137-IDPS-000129_rule Low
Description
System information contained on an IDPS contains default and customized attributes as well as software required for the execution and operation of the device. If this information becomes corrupted by hardware failures or by a malicious user, it must be restored immediately to ensure network availability. Backing up this information is a critical step for data recovery.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text ( C-43262_chk )
Verify IDPS information system and security-related documentation stored on the IDPS management console are included in backup job.
Verify this information is backed up in accordance with an organizationally defined schedule.
Verify the backup job is scheduled to perform automatically without system administrator intervention.
Verify the backup is configured to a different system or off-line media.

If user account information is not backed up periodically to a different system or off-line media, this is a finding.
Fix Text (F-43262_fix)
Configure a backup job to automatically backup IDPS information system and security-related documentation stored on the IDPS management console on a schedule identified by the DAA or designated representative.
Verify the backup is configured to direct the sensor log files to a different system or off-line media.