Common Controls Hub
The organization must establish weekly data backup procedures for the network Intrusion Detection and Prevention System (IDPS) data.
IDPS data needs to be backed up to ensure preservation in the case a loss of data due to hardware failure or malicious activity.
Network Infrastructure Policy Security Technical Implementation Guide
Check Text ( C-7459r4_chk )
Interview the SA to determine the IDPS backup procedures as well as have SA display the backup files saved on the file server.
If the IDPS data is not backed up on a weekly basis, this is a finding.
Fix Text (F-7653r2_fix)
The organization must establish weekly backup procedures for the network IDS/IPS data.