The network device must support organizational requirements to conduct backups of information system documentation, including security-related documentation, per an organizationally defined frequency that is consistent with recovery time and recovery point objectives.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000137-NDM-000100	SRG-NET-000137-NDM-000100	SRG-NET-000137-NDM-000100_rule		Low

Description
Information system backup is a critical step in maintaining data assurance and availability. Information system and security related documentation contains information pertaining to system configuration and security settings. If this information was not backed up, and a system failure occurred, the security settings would be difficult to reconfigure quickly and accurately. Maintaining a backup of information system and security related documentation provides for a quicker recovery time when system outages occur. This control requires the network device support the organizational central backup process for user account information associated with the network device. This function may be provided by the network device itself; however, the preferred best practice is a centralized backup rather than each network device performing discrete backups.

Description

Information system backup is a critical step in maintaining data assurance and availability. Information system and security related documentation contains information pertaining to system configuration and security settings. If this information was not backed up, and a system failure occurred, the security settings would be difficult to reconfigure quickly and accurately. Maintaining a backup of information system and security related documentation provides for a quicker recovery time when system outages occur. This control requires the network device support the organizational central backup process for user account information associated with the network device. This function may be provided by the network device itself; however, the preferred best practice is a centralized backup rather than each network device performing discrete backups.

STIG	Date
Network Device Management Security Requirements Guide	2013-07-30

Details

Check Text ( C-SRG-NET-000137-NDM-000100_chk )
Review the network device backup configuration to determine if the network device backs up the information system documentation, including security-related documentation, per an organizationally defined frequency that is consistent with recovery time and recovery point objective. If the network device does not backup the information system documentation, including security-related documentation, per an organizationally defined frequency that is consistent with recovery time and recovery point objectives, this is a finding.

Check Text ( C-SRG-NET-000137-NDM-000100_chk )

Review the network device backup configuration to determine if the network device backs up the information system documentation, including security-related documentation, per an organizationally defined frequency that is consistent with recovery time and recovery point objective.

If the network device does not backup the information system documentation, including security-related documentation, per an organizationally defined frequency that is consistent with recovery time and recovery point objectives, this is a finding.

Fix Text (F-SRG-NET-000137-NDM-000100_fix)
Configure the network device to conduct backups of information system documentation including security-related documentation per an organizationally defined frequency that is consistent with recovery time and recovery point objective.