STIGQter STIGQter: STIG Summary: VMware ESX 3 Server Version: 1 Release: 2 Benchmark Date: 22 Jul 2016: The ESX Servers and management servers are not backed up in accordance to the MAC level of the servers.

DISA Rule

SV-16793r1_rule

Vulnerability Number

V-15852

Group Title

The ESX Servers are not backed up.

Rule Version

ESX0530

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Backup the ESX and management servers in accordance to the MAC level.

Check Contents

1. Determine the MAC level of the ESX and management servers by asking the IAO/SA.
2. Once the MAC level is determined, locate the backup media or storage location.
For MAC I servers, a redundant secondary system is required that is not collocated.
For MAC II servers, daily backups are required with recovery media stored offline.
For MAC III servers, backups must be performed weekly.
3. Depending on the MAC level, verify the servers are backed up to media or storage within the
guidelines of the MAC level. If they are not, this is a finding.

Vulnerability Number

V-15852

Documentable

False

Rule Version

ESX0530

Severity Override Guidance

1. Determine the MAC level of the ESX and management servers by asking the IAO/SA.
2. Once the MAC level is determined, locate the backup media or storage location.
For MAC I servers, a redundant secondary system is required that is not collocated.
For MAC II servers, daily backups are required with recovery media stored offline.
For MAC III servers, backups must be performed weekly.
3. Depending on the MAC level, verify the servers are backed up to media or storage within the
guidelines of the MAC level. If they are not, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

1386

Comments