Email backup and recovery data must be protected.

Part of EMG3-009 Restrict Access to Backup/ Recovery Data

Associated with IA controls: COBR-1

SV-20677r3_rule Email backup and recovery data must be protected.

Vulnerability discussion

All automated information systems are at risk of data loss due to disaster or compromise. Failure to provide adequate protection to the backup and recovery data exposes it to risk of potential theft or damage that may ultimately prevent a successful restoration, should the need become necessary. Adequate protection ensures that backup components can be used to provide transparent or easy recovery from losses or operations outages.Backup files need the same protections against unauthorized access when stored on backup media as when online and actively in use by the email system. Included in this category are physical media, online configuration file copies, and any user data that may need to be restored.

Check content

Access EDSP documentation that describes protections for the Backup and Recovery data. If email backup and recovery data and processes are restricted to authorized users and groups, this is not a finding.

Fix text

Document the authorized backup and recovery users and groups in the EDSP. Create access restrictions to the authorized staff for email services backup and restore data.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.