The Sun Ray system backups are not performed in accordance with the assigned MAC level.

From Sun Ray 4 STIG

Part of Sun Ray system backups are not performed

Associated with IA controls: CODB-3, CODB-2, CODB-1

SV-17342r1_rule The Sun Ray system backups are not performed in accordance with the assigned MAC level.

Vulnerability discussion

The three MAC levels have different requirements for backing up data. For MAC III systems it is necessary to ensure that backups are performed weekly. For MAC II systems backups are performed daily and the recovery media is stored off-site in a protected facility in accordance with its mission assurance category and confidentiality level. In MAC I systems backups are maintained through a redundant secondary system, not colocated, that can be activated without loss of data or disruption to the operation.

NOTE: The MAC level indicates the criticality of an asset to the DoD mission based on its purpose and user community. The Sensitivity level of an asset must also be determined and is based on whether the data or resource is restricted or releasable to the public. There are three MAC and three Sensitivity levels. The MAC and Sensitivity level of the asset are an important factor in determining the security strength the access control solution must provide. MAC and Sensitivity Levels are further defined in Appendix C and DoDI 8500.2.

Check content

1. Determine the MAC level of the Sun Ray system by asking the IAO/SA.
2. Once the MAC level is determined, locate the backup media or storage location. For MAC I servers, a redundant secondary system is required that is not colocated. For MAC II servers, daily backups are required with recovery media stored offline. For MAC III servers, backups must be performed weekly.
3. Depending on the MAC level, verify the servers are backed up to media or storage within the guidelines of the MAC level. If they are not, this is a finding.
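One way to automate the backup-age part of step 3, as an added example that is not part of the STIG. The function name, its return codes and the idea that backups land as regular files under a single directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: backup-freshness check against the MAC level intervals above.
# Assumption: backups are regular files under one directory (hypothetical layout).
#
# check_backup_age MAC_LEVEL BACKUP_DIR
# Return codes (this script's own convention):
#   0 = newest backup falls inside the interval for the MAC level
#   1 = finding: no backup inside the interval, or location missing
#   2 = MAC I: file age proves nothing, verify the redundant secondary system by hand
#   3 = unknown MAC level
check_backup_age() {
    mac_level=$1
    backup_dir=$2

    case "$mac_level" in
        I|1)   echo "MANUAL: MAC I needs a non-colocated redundant secondary system" >&2
               return 2 ;;
        II|2)  max_minutes=1440 ;;    # daily backups
        III|3) max_minutes=10080 ;;   # weekly backups
        *)     echo "unknown MAC level: $mac_level" >&2
               return 3 ;;
    esac

    if [ ! -d "$backup_dir" ]; then
        echo "FINDING: backup location $backup_dir not found" >&2
        return 1
    fi

    # -mmin -N matches files modified less than N minutes ago.
    # Supported by GNU and BSD find; confirm the platform's find has it.
    recent=$(find "$backup_dir" -type f -mmin "-$max_minutes" | head -n 1)

    if [ -n "$recent" ]; then
        echo "OK: MAC $mac_level backup inside interval: $recent"
        return 0
    fi

    echo "FINDING: no backup newer than $max_minutes minutes in $backup_dir" >&2
    return 1
}
```

A return of 0 for MAC II covers only the daily interval; where the recovery media is stored still has to be confirmed with the IAO/SA.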

Fix text

Back up the Sun Ray system in accordance with the MAC level.
