The IDPS must support organizational requirements to conduct backups of system level information contained in the information system per organizationally defined frequency.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34630 | SRG-NET-000136-IDPS-00101 | SV-45505r1_rule | Low |
| Description |
|---|
| System level information includes default and customized settings and security attributes, as well as software required for the execution and operation of the device. Information system backup is a critical step in insuring system integrity and availability. If the system fails and there is no backup of the system level information, a denial of service condition is possible for all who utilize this critical network component. This control requires the IDPS support the organizational central backup process for system level information associated with the IDPS. This function may be provided by the IDPS itself; however, the preferred best practice is a centralized backup rather than each network element performing discrete backups. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42854r1_chk ) |
|---|
| Review the IDPS configuration to determine whether the IDPS is configured to backup system level data and is capable of backing up according to a defined frequency. If the IDPS does not support the organizational requirements to conduct backups of system level data according to a defined frequency, this is a finding. |
| Fix Text (F-38902r1_fix) |
|---|
| Configure the IDPS to backup system level data according to an organizationally defined frequency. |