Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-1076 | 1.013 | SV-29627r1_rule | Low |
Description |
---|
Recovery of a damaged or compromised system in a timely basis is difficult without a system information backup. A system backup will usually include sensitive information such as user accounts that could be used in an attack. As a valuable system resource, the system backup should be protected and stored in a physically secure location. |
STIG | Date |
---|---|
Windows 2008 Member Server Security Technical Implementation Guide | 2017-03-02 |
Check Text ( C-7887r1_chk ) |
---|
Interview the SA to determine if system recovery backup procedures are in place that comply with DoD requirements. Any of the following would be a finding: •The site does not maintain emergency system recovery data. •The emergency system recovery data is not protected from destruction and stored in a locked storage container. •The emergency system recovery data has not been updated following the last system modification. |
Fix Text (F-36r1_fix) |
---|
Implement data backup procedures that comply with DoD requirements. |