Check: AAMV0430
zOS ACF2 STIG:
AAMV0430
(in versions v6 r43 through v6 r30)
Title
System DASD backups are not performed on a regularly scheduled basis. (Cat II impact)
Discussion
If backups of the operating environment are not properly processed, implementation of a contingency plan would not include the data necessary to fully recover from any outage.
Check Content
a) Refer to Vulnerability Questions within the SRRAUDIT Dialog Management document.

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(AAMV0430)

b) If, based on the information provided, it can be determined that system DASD backups are performed on a regularly scheduled basis, there is NO FINDING.

c) If it cannot be determined that system DASD backups are performed on a regularly scheduled basis, this is a FINDING.
Fix Text
The IAO will ensure that procedures are in place to back up the operating system and all its subsystems on a regularly scheduled interval as required to recover the environment.

Review all documented processes for the backup of the operating environment. Ensure that these include a regularly scheduled backup of the entire operating system and its related subsystems, both at individual data set and full volume levels.

Adequate backup scheduling is also an often overlooked integrity exposure. Back up system files on a regular schedule. Store the backups off site to prevent concurrent loss of the live production system and the backup files.

Backup scheduling will vary depending on the requirements and capabilities of the individual data center. While the requirements of Data Owners may necessitate more frequent backups, a recommended schedule is as follows:

- Weekly and monthly full volume backup of volumes with low update activity, such as the operating system volumes
- Nightly backup of high update activity data sets and volumes, such as application system databases and user data volumes
Additional Identifiers
Rule ID: SV-106r2_rule
Vulnerability ID: V-106
Group Title: AAMV0430
CCIs
Number | Definition |
---|---|
CCI-000537 | The organization conducts backups of system-level information contained in the information system per organization-defined frequency that is consistent with recovery time and recovery point objectives. |
Controls
Number | Title |
---|---|
CP-9 | Information System Backup |