Navigate

Check: HYCU-ND-000410

HYCU Protege STIG: HYCU-ND-000410 (in version v1 r1)

Title

The HYCU virtual appliance must off-load audit records onto a different system or media than the system being audited. (Cat II impact)

Discussion

Information system backup is a critical step in maintaining data assurance and availability. Information system and security-related documentation contains information pertaining to system configuration and security settings. If this information were not backed up and a system failure were to occur, the security settings would be difficult to reconfigure quickly and accurately. Maintaining a backup of information system and security-related documentation provides for a quicker recovery time when system outages occur. System-level information includes default and customized settings and security attributes, including ACLs that relate to the network device configuration, as well as software required for the execution and operation of the device. Information system backup is a critical step in ensuring system integrity and availability. If the system fails and there is no backup of the system-level information, a denial-of-service condition is possible for all who use this critical network component. Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. Satisfies: SRG-APP-000515-NDM-000325, SRG-APP-000516-NDM-000340

Check Content

Verify that HYCU is backing itself up by logging in to the HYCU Web UI and checking the HYCU Controller widget at the HYCU Dashboard. If the message "Controller VM is not protected" is found and highlighted in orange, this is a finding.

Fix Text

Log in to the HYCU Web UI and go to the "Virtual Machines" menu, then apply a backup policy to the HYCU Server to back it up. Any documentation/configuration files stored on the HYCU server will be backed up as a result.

Additional Identifiers

Rule ID: SV-268253r1038701_rule

Vulnerability ID: V-268253

Group Title: SRG-APP-000515-NDM-000325

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	Implement the security configuration settings.
CCI-000537	Conduct backups of system-level information contained in the system per organization-defined frequency that is consistent with recovery time and recovery point objectives.
CCI-001851	Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AU-4(1)	Transfer to Alternate Storage
CM-6	Configuration Settings
CP-9	Information System Backup