SCOM unsealed management packs must be backed up regularly.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-237433 | SCOM-CM-000002 | SV-237433r643945_rule | Low |
| Description |
|---|
| SCOM's configuration information is stored within unsealed management packs. Even without SQL backups, a catastrophic failure to SCOM can be recovered from quickly if the unsealed management packs have been backed up. Satisfies: SRG-APP-000516-NDM-000340, SRG-APP-000516-NDM-000341 |
| STIG | Date |
|---|---|
| Microsoft SCOM Security Technical Implementation Guide | 2021-03-15 |
Details
| Check Text ( C-40652r643943_chk ) |
|---|
| There is more than one way to configure this, and it will be at an administrator's discretion. Open task scheduler and check for the presence of a scheduled task to back up unsealed management packs. If present, review the script to determine where backups are being stored. Verify that the unsealed management packs are being saved to the location specified in the task and that the location is being backed up regularly. Alternatively, several free management packs do exist to automate this process within SCOM, or an administrator could automate this with their own custom management pack or using an orchestration tool such as System Center Orchestrator. This is not a finding if an administrator can show that one of these is installed/configured and that unsealed management packs are being written to the configured location. If unsealed management packs are not being exported to disk and backed up, this is a finding. |
| Fix Text (F-40615r643944_fix) |
|---|
| The quickest solution available is to download the management pack referenced in this article and configure it accordingly: https://kevinholman.com/2017/07/07/scom-2012-and-2016-unsealed-mp-backup/ Ultimately, this is an organizational decision as to how the administrator would like to proceed. |