1.013 - System information backups will be created, updated, and protected.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Recovery of a damaged or compromised system in a timely basis is difficult without a system information backup. A system backup will usually include sensitive information such as user accounts that could be used in an attack. As a valuable system resource, the system backup should be protected and stored in a physically secure location.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Implement backup procedures that comply with the following requirements:

-Maintain emergency system recovery data.
-The emergency system recovery data is protected from destruction and stored in a locked storage container.
-The emergency system recovery data is updated following the last system modification.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2008_R2_DC_V1R34_STIG.zip

Item Details

References: CAT|III, CCI|CCI-000366, Rule-ID|SV-32245r1_rule, STIG-ID|1.013, Vuln-ID|V-1076

Plugin: Windows

Control ID: d34a0288c079e27dbd684d33343cbb230ac2a5a1a34e4c42095461978508e133