Information
Recovery of a damaged or compromised system in a timely basis is difficult without a system information backup. A system backup will usually include sensitive information such as user accounts that could be used in an attack. As a valuable system resource, the system backup should be protected and stored in a physically secure location.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Implement backup procedures that comply with the following requirements:
-Maintain emergency system recovery data.
-The emergency system recovery data is protected from destruction and stored in a locked storage container.
-The emergency system recovery data is updated following the last system modification.