Title

The application must support and must not impede organizational requirements to conduct backups of information system documentation including security-related documentation per organization-defined frequency. (Cat II impact)

Discussion

Information system backup is a critical step in maintaining data assurance and availability. Information system and security related documentation contains information pertaining to system configuration and security settings. Backups shall be consistent with organizational recovery time and recovery point objectives. Rationale for non-applicability: Mobile applications are presumed not to have local documentation. In most cases, this documentation would not be accessible to users if stored locally because applications do not have native document readers. If the local documentation were accessible by a document reader outside of the application, then any security information in that documentation would be vulnerable to disclosure.

Check Content

This requirement is NA for the MAPP SRG.

Fix Text

The requirement is NA. No fix is required.

Additional Identifiers

Rule ID: SV-46686r1_rule

Vulnerability ID: V-35399

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.