Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-1076 | WN08-00-000003 | SV-48019r1_rule | CODB-1 | Low |
Description |
---|
Recovery of a damaged or compromised system in a timely manner is difficult without a system information backup. A system backup will usually include sensitive information such as user accounts that could be used in an attack. As a valuable system resource, the system backup must be protected and stored in a physically secure location. |
STIG | Date |
---|---|
Windows 8 Security Technical Implementation Guide | 2014-01-07 |
Check Text ( C-44757r2_chk ) |
---|
Determine if system recovery backup procedures are in place that comply with DoD requirements. Any of the following would be a finding: -The site does not maintain emergency system recovery data. -The emergency system recovery data is not protected from destruction and stored in a locked storage container. -The emergency system recovery data has not been updated following the last system modification. |
Fix Text (F-41157r1_fix) |
---|
Implement system recovery procedures that include maintaining emergency system recovery data, protecting that data from destruction and storing it in a locked storage container, and updating it following each and every system modification. |