Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-106 | AAMV0430 | SV-106r2_rule | CODB-2 DCCS-1 DCCS-2 | Medium |
Description |
---|
If backups of the operating environment are not properly processed, implementation of a contingency plan would not include the data necessary to fully recover from any outage. |
STIG | Date |
---|---|
z/OS ACF2 STIG | 2016-01-04 |
Check Text ( C-663r1_chk ) |
---|
a) Refer to Vulnerability Questions within the SRRAUDIT Dialog Management document. Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(AAMV0430) b) If, based on the information provided, it can be determined that system DASD backups are performed on a regularly scheduled basis, there is NO FINDING. c) If it cannot be determined that system DASD backups are performed on a regularly scheduled basis, this is a FINDING. |
Fix Text (F-17031r1_fix) |
---|
The IAO will ensure that procedures are in place to backup the operating system and all its subsystems on a regularly scheduled interval as required to recover the environment. Review all documented processes for the backup of the operating environment. Ensure that these include a regularly scheduled backup of the entire operating system and its related subsystems, both at individual data set and full volume levels. Adequate backup scheduling is also an often overlooked integrity exposure. Back up system files on a regular schedule. Store the backups off site to prevent concurrent loss of the live production system and the backup files. Backup scheduling will vary depending on the requirements and capabilities of the individual data center. While the requirements of Data Owners may necessitate more frequent backups, a recommended schedule is as follows: - Weekly and monthly full volume backup of volumes with low update activity, such as the operating system volumes - Nightly backup of high update activity data sets and volumes, such as application system databases and user data volumes |