The application must support and must not impede organizational requirements to conduct backups of information system documentation including security-related documentation per organization-defined frequency.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35399	SRG-APP-000147-MAPP-NA	SV-46686r1_rule		Medium

Description
Information system backup is a critical step in maintaining data assurance and availability. Information system and security related documentation contains information pertaining to system configuration and security settings. Backups shall be consistent with organizational recovery time and recovery point objectives. Rationale for non-applicability: Mobile applications are presumed not to have local documentation. In most cases, this documentation would not be accessible to users if stored locally because applications do not have native document readers. If the local documentation were accessible by a document reader outside of the application, then any security information in that documentation would be vulnerable to disclosure.

Description

Information system backup is a critical step in maintaining data assurance and availability. Information system and security related documentation contains information pertaining to system configuration and security settings. Backups shall be consistent with organizational recovery time and recovery point objectives. Rationale for non-applicability: Mobile applications are presumed not to have local documentation. In most cases, this documentation would not be accessible to users if stored locally because applications do not have native document readers. If the local documentation were accessible by a document reader outside of the application, then any security information in that documentation would be vulnerable to disclosure.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-43755r1_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-39945r1_fix)
The requirement is NA. No fix is required.