STIGQter STIGQter: STIG Summary: Apache Server 2.4 Windows Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The log data and records from the Apache web server must be backed up onto a different system or media.

DISA Rule

SV-214316r505936_rule

Vulnerability Number

V-214316

Group Title

SRG-APP-000125-WSR-000071

Rule Version

AS24-W1-000210

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Document the web server backup procedures.

Check Contents

Interview the Information System Security Officer (ISSO), System Administrator (SA), Web Manager, Webmaster, or developers as necessary to determine whether a tested and verifiable backup strategy has been implemented for web server software as well as all web server data files.

Proposed Questions:
Who maintains the backup and recovery procedures?
Do you have a copy of the backup and recovery procedures?
Where is the off-site backup location?
Is the contingency plan documented?
When was the last time the contingency plan was tested?
Are the test dates and results documented?

If there is not a backup and recovery process for the web server, this is a finding.

Vulnerability Number

V-214316

Documentable

False

Rule Version

AS24-W1-000210

Severity Override Guidance

Interview the Information System Security Officer (ISSO), System Administrator (SA), Web Manager, Webmaster, or developers as necessary to determine whether a tested and verifiable backup strategy has been implemented for web server software as well as all web server data files.

Proposed Questions:
Who maintains the backup and recovery procedures?
Do you have a copy of the backup and recovery procedures?
Where is the off-site backup location?
Is the contingency plan documented?
When was the last time the contingency plan was tested?
Are the test dates and results documented?

If there is not a backup and recovery process for the web server, this is a finding.

Check Content Reference

M

Target Key

3998

Comments