Title

The operating system must conduct backups of operating system documentation including security-related documentation per organization-defined frequency to conduct backups that is consistent with recovery time and recovery point objectives. (Cat II impact)

Discussion

Operating system backup is a critical step in maintaining data assurance and availability. System documentation is data generated for/by the host (such as logs) and/or administrative users. Backups shall be consistent with organizational recovery time and recovery point objectives.

Check Content

The operations staff shall ensure that proper backups are created, tested, and archived. Ask the operator for documentation on the backup procedures implemented. If the backup procedures are not documented then this is a finding.

Fix Text

The operations staff shall install, configure, test, and verify operating system backup software. Additionally, all backup procedures must be documented.

Additional Identifiers

Rule ID: SV-216227r959010_rule

Vulnerability ID: V-216227

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.