UCF STIG Viewer Logo

System information backups are not created, updated, and protected according to DISA requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-1076 1.013 SV-25001r1_rule Low
Description
Recovery of a damaged or compromised system in a timely basis is difficult without a system information backup. A system backup will usually include sensitive information such as user accounts that could be used in an attack. As a valuable system resource, the system backup should be protected and stored in a physically secure location.
STIG Date
Windows 7 Security Technical Implementation Guide 2018-02-12

Details

Check Text ( C-7887r1_chk )
Interview the SA to determine if system recovery backup procedures are in place that comply with DoD requirements.

Any of the following would be a finding:

•The site does not maintain emergency system recovery data.
•The emergency system recovery data is not protected from destruction and stored in a locked storage container.
•The emergency system recovery data has not been updated following the last system modification.

Fix Text (F-36r1_fix)
Implement data backup procedures that comply with DoD requirements.