CAS and policy configuration files must be backed up.
An XCCDF Rule
Description
<VulnDiscussion>A successful disaster recovery plan requires that CAS policy and CAS policy configuration files are identified and included in systems disaster backup and recovery events. Documentation regarding the location of system and application specific CAS policy configuration files and the frequency in which backups occur is required. If these files are not identified and the information is not documented, there is the potential that critical application configuration files may not be included in disaster recovery events which could lead to an availability risk.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-225227r941356_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
All CAS policy and policy configuration files must be included in the system backup.
All CAS policy and policy configuration files must be backed up prior to migration, deployment, and reconfiguration.
CAS policy configuration files must be included in disaster recovery plan documentation.