STIG ID - BACF1012: Perform System DASD Backups Regularly

Severity: 2 - Medium
Regularly scheduled backups of the operating environment are an often overlooked integrity control. If backups are not taken and processed on a regular basis, a contingency plan, when invoked, will not have the data necessary to fully recover from an outage. A documented procedure for backing up the operating environment and all subsystems on a regular basis, including details on storing the backups off site so that the live production system and its backup files cannot be lost together, is imperative.
This STIG article shows how to verify that a documented backup procedure is in place and what that procedure must cover.
Your organization will ensure that the Information System Security Officer (ISSO) has documented procedures in place to back up the operating environment and all subsystems on a regularly scheduled interval, as required to recover the environment.
Identify Audit Finding
Review the following data to determine if you should consider remediation:
Follow these steps:
  1. Check with the ISSO to determine whether there is a documented procedure to ensure that your operating environment and all its subsystems are backed up on a regularly scheduled basis and that backups are stored off site to prevent concurrent loss of the live production system and backup files. The recommended schedule is as follows:
    • Weekly and monthly full-volume backup of volumes with low update activity, such as the operating system volumes.
    • Nightly backup of high update activity data sets and volumes, such as application system databases and user data volumes.
  2. If a documented procedure exists to ensure that your operating system and all subsystems are backed up on a regular basis, your organization does not have an audit finding.
  3. If a documented procedure does not exist, your organization has an audit finding. See Remediate Audit Finding.
Remediate Audit Finding
The ISSO ensures that documented procedures for backing up the operating environment and all subsystems on a regular basis, including details on storing the backups off site to prevent concurrent loss of the live production system and backup files, are in place.
Follow these steps:
  1. The ISSO documents procedures to ensure that your operating environment and all its subsystems are backed up on a regularly scheduled basis and that backups are stored off site to prevent concurrent loss of the live production system and backup files. The backup frequency must be consistent with the organization's recovery time and recovery point objectives.
  2. Ensure the recommended schedule includes the following:
    • Weekly and monthly full-volume backup of volumes with low update activity, such as the operating system volumes.
    • Nightly backup of high update activity data sets and volumes, such as application system databases and user data volumes.
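The STIG text leaves the mechanics to the ISSO's documented procedure. As an added illustration (not part of the STIG, and not a DISA-supplied job), the following DFSMSdss (ADRDSSU) JCL implements the two classes of backup in the recommended schedule: a full-volume dump of a low-update system volume and a nightly dump of changed application data sets. The volume serial SYSRES, the BACKUP.** generation data group bases, the APPL.** data set prefix, the tape UNIT and the retention period are placeholders assumed for this example; the two steps are shown in one job for readability but would be scheduled separately (weekly/monthly versus nightly) in practice.

```jcl
//DASDBKUP JOB (ACCT),'BACF1012 DASD DUMPS',CLASS=A,MSGCLASS=X,
//             NOTIFY=&SYSUID
//*--------------------------------------------------------------------
//* Added example, not from the STIG.  SYSRES, BACKUP.** GDG bases,
//* APPL.** and UNIT=3490 are placeholders assumed for illustration.
//*--------------------------------------------------------------------
//* STEP 1 - weekly/monthly full-volume dump of a low-update volume
//*          (the system residence volume).  ALLDATA(*) and ALLEXCP
//*          copy every allocated track; OPTIMIZE(4) reads a cylinder
//*          at a time; COMPRESS shrinks the output.  The GDG (+1)
//*          gives each dump its own generation and RETPD keeps it
//*          from being scratched before the next cycle completes.
//FULLVOL  EXEC PGM=ADRDSSU,REGION=0M
//SYSPRINT DD SYSOUT=*
//DASDIN   DD UNIT=3390,VOL=SER=SYSRES,DISP=OLD
//TAPE     DD DSN=BACKUP.SYSRES.FULL(+1),DISP=(NEW,CATLG,DELETE),
//            UNIT=3490,RETPD=35
//SYSIN    DD *
  DUMP FULL INDDNAME(DASDIN) OUTDDNAME(TAPE) -
       OPTIMIZE(4) COMPRESS ALLDATA(*) ALLEXCP
/*
//* STEP 2 - nightly dump of high-update application data sets.
//*          BY((DSCHA,EQ,YES)) selects only data sets whose
//*          data-set-changed indicator is on since the last dump;
//*          RESET turns the indicator off after a successful dump.
//*          COND=(0,NE) skips this step if the previous step failed.
//NIGHTLY  EXEC PGM=ADRDSSU,REGION=0M,COND=(0,NE)
//SYSPRINT DD SYSOUT=*
//TAPE     DD DSN=BACKUP.APPL.NIGHTLY(+1),DISP=(NEW,CATLG,DELETE),
//            UNIT=3490,RETPD=35
//SYSIN    DD *
  DUMP DATASET(INCLUDE(APPL.**) BY((DSCHA,EQ,YES))) -
       OUTDDNAME(TAPE) OPTIMIZE(4) COMPRESS RESET
/*
```

After each run, confirm the step ended with return code 0 and that SYSPRINT carries the ADR013I completion message reporting the highest return code; a non-zero code means some tracks or data sets were not dumped and the run does not satisfy the schedule. The resulting tape generations are what the documented procedure must then move or replicate off site, and periodically restoring from them to scratch volumes is the only way to prove the backups actually support recovery.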
By performing regularly scheduled backups of your operating system and all subsystems and storing them off site, you ensure that the data needed to recover from an outage exists and cannot be lost together with the live production system.
Control Correlation Identifier (CCI)
A Control Correlation Identifier (CCI) list provides a standard identifier and description for each of the singular, actionable statements that comprise a control or best practice. The following CCIs are related to this STIG. For more information, see the National Institute of Standards and Technology website.
CCI: CCI-000537
Published Date: 2009-09-21
Definition: The organization conducts backups of system-level information contained in the information system per organization-defined frequency that is consistent with recovery time and recovery point objectives.
Type: policy
References:
NIST: NIST SP 800-53 (v3): CP-9 (b)
NIST: NIST SP 800-53 Revision 4 (v4): CP-9 (b)
NIST: NIST SP 800-53A (v1): CP-9.1 (v)