Title

Procedures must be in place to assure the appropriate physical and technical protection of the backup and restoration of the application. (Cat II impact)

Discussion

Protection of backup and restoration assets is essential for the successful restore of operations after a catastrophic failure or damage to the system or data files. Failure to follow proper procedures may result in the permanent loss of system data and/or the loss of system capability resulting in failure of the customer’s mission.

Check Content

Validate that backup and recovery procedures incorporate protection of the backup and restoration assets. Verify assets housing the backup data (e.g., SANS, tapes, backup directories, software) and the assets used for restoration (e.g., equipment and system software) are included in the backup and recovery procedures. If backup and restoration devices are not included in the recovery procedures, this is a finding.

Fix Text

Develop and implement procedures to insure that backup and restoration assets are properly protected and stored in an area/location where it is unlikely they would be affected by an event that would affect the primary assets.

Additional Identifiers

Rule ID: SV-222640r879887_rule

Vulnerability ID: V-222640

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.