The operating system must conduct backups of system-level information contained in the information system per organization-defined frequency to conduct backups that are consistent with recovery time and recovery point objectives.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-216462 | SOL-11.1-090060 | SV-216462r959010_rule | CCI-000366 | medium |
| Description | ||||
| Operating system backup is a critical step in maintaining data assurance and availability. System-level information is data generated for/by the host (such as configuration settings) and/or administrative users. Backups shall be consistent with organizational recovery time and recovery point objectives. | ||||
| STIG | Date | |||
| Solaris 11 SPARC Security Technical Implementation Guide | 2025-05-05 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-6
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
- DISA · 3 · disa_xccdf · related
Details
Check Text (C-216462r959010_chk)
The operations staff shall ensure that proper backups are created, tested, and archived.
Ask the operator for documentation on the backup procedures implemented.
If the backup procedures are not documented then this is a finding.
Fix Text (F-17696r371475_fix)
The operations staff shall install, configure, test, and verify operating system backup software.
Additionally, all backup procedures must be documented.