Procedures must be in place to assure the appropriate physical and technical protection of the backup and restoration of the application.

From Application Security and Development Security Technical Implementation Guide

Associated with: CCI-000540

SV-84981r1_rule Procedures must be in place to assure the appropriate physical and technical protection of the backup and restoration of the application.

Vulnerability discussion

Protection of backup and restoration assets is essential for the successful restore of operations after a catastrophic failure or damage to the system or data files. Failure to follow proper procedures may result in the permanent loss of system data and/or the loss of system capability resulting in failure of the customer’s mission.

Check content

Validate that backup and recovery procedures incorporate protection of the backup and restoration assets. Verify assets housing the backup data (e.g., SANS, tapes, backup directories, software) and the assets used for restoration (e.g., equipment and system software) are included in the backup and recovery procedures. If backup and restoration devices are not included in the recovery procedures, this is a finding.

Fix text

Develop and implement procedures to insure that backup and restoration assets are properly protected and stored in an area/location where it is unlikely they would be affected by an event that would affect the primary assets.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.