STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017:

The DataPower Gateway must support organizational requirements to conduct backups of system level information contained in the information system when changes occur or weekly, whichever is sooner.

DISA Rule

SV-79673r1_rule

Vulnerability Number

V-65183

Group Title

SRG-APP-000516-NDM-000340

Rule Version

WSDP-NM-000138

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.
CCI-000537 - The organization conducts backups of system-level information contained in the information system per organization-defined frequency that is consistent with recovery time and recovery point objectives.

Weight

Fix Recommendation

Go to Administration >> Main >> System Control and configure Secure Backup. Go to Administration >> Configuration >> Export Configuration to do the backup. This can be automated via external scripting or Scheduled Rule - XML Manager in default domain.

Check Contents

Go to Administration >> Main >> System Control. Verify Secure Backup. If it is not configured, this is a finding.

Vulnerability Number

V-65183

Documentable

False

Rule Version

WSDP-NM-000138

Severity Override Guidance

Go to Administration >> Main >> System Control. Verify Secure Backup. If it is not configured, this is a finding.

Check Content Reference

Target Key

2861

The DataPower Gateway must support organizational requirements to conduct backups of system level information contained in the information system when changes occur or weekly, whichever is sooner.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments