Check: EMG3-007 EMail
Email Services Policy STIG:
EMG3-007 EMail
(in version v2 r6)
Title
Email backups must meet schedule and storage requirements. (Cat II impact)
Discussion
Hardware failures or other (sometimes physical) disasters can cause data loss to active applications, and precipitate the need for expedient recovery. Ensuring backups are conducted on an agreed schedule creates a timely copy from which to recover active systems. Storing backup contents at a separate physical location protects the backup data from site-specific physical disasters. Backup schedule and storage location are determined in accordance with the MAC category and confidentiality level of the system.
Check Content
Access the EDSP for intended backup schedule and storage provisions. Review artifacts, such as job logs, file locations, access protections and procedures for offline files, and storage methods that demonstrate compliance to the intended schedule and log storage requirements. If email backups are conducted according to the EDSP, on schedule and are stored appropriately, this is not a finding.
Fix Text
Document the email backup strategy in the EDSP and perform backups on the schedule that is documented. Store the data as required.
Additional Identifiers
Rule ID: SV-20679r3_rule
Vulnerability ID: V-18883
Group Title: EMG3-007 Backups Interval and Storage Location
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |