UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Disaster recovery plan does not include ESX Servers, VirtualCenter servers, virtual machines, and necessary peripherals associated with the system.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15853 ESX0540 SV-16794r1_rule CODP-1 CODP-2 CODP-3 Medium
Description
Disaster and recovery plans should be drafted and exercised in accordance with the MAC level of the system/Enclave as defined by the DoDI 85002. Disaster plans provide for the resumption of mission or business essential functions. A disaster plan must exist that provides for the resumption of mission or business essential functions within the specified period of time depending on MAC level. (Disaster recovery procedures include business recovery plans, system contingency plans, facility disaster recovery plans, and plan acceptance).
STIG Date
VMware ESX 3 Policy 2016-05-03

Details

Check Text ( C-16202r1_chk )
Request a copy of the disaster recovery plan from the IAO/SA. Review the plan to verify that the ESX Server, management applications, virtual machines, and all necessary system peripherals are included in the plan. If the plan does not include the virtual infrastructure or is incomplete, this is a finding.
Fix Text (F-15807r1_fix)
Add the virtual infrastructure to the disaster recovery plan.