Title

The operating system must conduct backups of user-level information contained in the operating system per organization defined frequency to conduct backups consistent with recovery time and recovery point objectives. (Cat II impact)

Discussion

Operating system backup is a critical step in maintaining data assurance and availability. User-level information is data generated by information system and/or application users. Backups shall be consistent with organizational recovery time and recovery point objectives.

Check Content

Ask an administrator if a process exists to back up user data from the system. If such a process does not exist, this is a finding.

Fix Text

Procedures to back up user data from the system must be established and executed. The Red Hat operating system provides utilities for automating such a process. Commercial and open-source products are also available. Implement a process whereby user data is backed up from the system in accordance with local policies.

Additional Identifiers

Rule ID: SV-218088r603264_rule

Vulnerability ID: V-218088

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.