STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

Recovery procedures and technical system features must exist so recovery is performed in a secure and verifiable manner. The ISSO will document circumstances inhibiting a trusted recovery.

DISA Rule

SV-222637r508029_rule

Vulnerability Number

V-222637

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003060

Severity

CAT II

CCI(s)

• CCI-000448 - The organization develops a contingency plan for the information system that provides metrics.
• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Create and maintain a disaster recovery plan.

Check Contents

Review disaster recovery plan.

Verify that a disaster recovery plan is in place for the application.

Verify that the recovery procedures include any special considerations for trusted recovery.

If the application is not part of the site’s disaster recovery plan, or if any special considerations for trusted recovery are not documented, this is a finding.

Vulnerability Number

V-222637

Documentable

False

Rule Version

APSC-DV-003060

Severity Override Guidance

Review disaster recovery plan.

Verify that a disaster recovery plan is in place for the application.

Verify that the recovery procedures include any special considerations for trusted recovery.

If the application is not part of the site’s disaster recovery plan, or if any special considerations for trusted recovery are not documented, this is a finding.

Check Content Reference

M

Target Key

4093

Comments