Skip to content

CAS and policy configuration files must be backed up.

An XCCDF Rule

Description

<VulnDiscussion>A successful disaster recovery plan requires that CAS policy and CAS policy configuration files are identified and included in systems disaster backup and recovery events. Documentation regarding the location of system and application specific CAS policy configuration files and the frequency in which backups occur is required. If these files are not identified and the information is not documented, there is the potential that critical application configuration files may not be included in disaster recovery events which could lead to an availability risk.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-225227r954804_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

All CAS policy and policy configuration files must be included in the system backup. 

All CAS policy and policy configuration files must be backed up prior to migration, deployment, and reconfiguration.

CAS policy configuration files must be included in disaster recovery plan documentation.