Navigate

Check: HYCU-ND-000400

HYCU Protege STIG: HYCU-ND-000400 (in version v1 r1)

Title

The HYCU virtual appliance must support organizational requirements to conduct backups of information system documentation, including security-related documentation, when changes occur or weekly, whichever is sooner. (Cat II impact)

Discussion

Information system backup is a critical step in maintaining data assurance and availability. Information system and security-related documentation contains information pertaining to system configuration and security settings. If this information were not backed up, and a system failure were to occur, the security settings would be difficult to reconfigure quickly and accurately. Maintaining a backup of information system and security-related documentation provides for a quicker recovery time when system outages occur. System-level information includes default and customized settings and security attributes, including ACLs that relate to the network device configuration, as well as software required for the execution and operation of the device. Information system backup is a critical step in ensuring system integrity and availability. If the system fails and there is no backup of the system-level information, a denial-of-service condition is possible for all who use this critical network component. Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.

Check Content

Verify that HYCU is backing itself up by logging in to the HYCU Web UI and checking the HYCU Controller widget at the HYCU Dashboard. If the message "Controller VM is not protected" is found and highlighted in orange, this is a finding.

Fix Text

Log in to the HYCU Web UI and go to the "Virtual Machines" menu, then apply a backup policy to the HYCU Server to back it up. Any documentation/configuration files stored on the HYCU server will be backed up as a result.

Additional Identifiers

Rule ID: SV-268252r1038698_rule

Vulnerability ID: V-268252

Group Title: SRG-APP-000516-NDM-000341

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	Implement the security configuration settings.
CCI-000539	Conduct backups of system documentation, including security-related documentation, per an organization-defined frequency that is consistent with recovery time and recovery point objectives.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings
CP-9	Information System Backup