APPNET0055 - CAS and policy configuration files must be backed up.

Information

A successful disaster recovery plan requires that CAS policy and CAS policy configuration files are identified and included in systems disaster backup and recovery events. Documentation regarding the location of system and application specific CAS policy configuration files and the frequency in which backups occur is required. If these files are not identified and the information is not documented, there is the potential that critical application configuration files may not be included in disaster recovery events which could lead to an availability risk.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

All CAS policy and policy configuration files must be included in the system backup.

All CAS policy and policy configuration files must be backed up prior to migration, deployment, and reconfiguration.

CAS policy configuration files must be included in disaster recovery plan documentation.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_DotNet_Framework_4-0_V2R1_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|II, CCI|CCI-000164, Rule-ID|SV-225227r615940_rule, STIG-ID|APPNET0055, STIG-Legacy|SV-7452, STIG-Legacy|V-7069, Vuln-ID|V-225227

Plugin: Windows

Control ID: 0807a76868084ec1258936b4610f98bb5ac9b1303b9fd62c76954a7fdd6560eb