STIGQter STIGQter: STIG Summary: Apache Server 2.4 UNIX Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The log data and records from the Apache web server must be backed up onto a different system or media.

DISA Rule

SV-214237r612240_rule

Vulnerability Number

V-214237

Group Title

SRG-APP-000125-WSR-000071

Rule Version

AS24-U1-000210

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Document the web server backup procedures.

Check Contents

Interview the Information System Security Officer, System Administrator, Web Manager, Webmaster, or developers as necessary to determine whether a tested and verifiable backup strategy has been implemented for web server software and all web server data files.

Proposed questions:
- Who maintains the backup and recovery procedures?
- Do you have a copy of the backup and recovery procedures?
- Where is the off-site backup location?
- Is the contingency plan documented?
- When was the last time the contingency plan was tested?
- Are the test dates and results documented?

If there is not a backup and recovery process for the web server, this is a finding.

Vulnerability Number

V-214237

Documentable

False

Rule Version

AS24-U1-000210

Severity Override Guidance

Interview the Information System Security Officer, System Administrator, Web Manager, Webmaster, or developers as necessary to determine whether a tested and verifiable backup strategy has been implemented for web server software and all web server data files.

Proposed questions:
- Who maintains the backup and recovery procedures?
- Do you have a copy of the backup and recovery procedures?
- Where is the off-site backup location?
- Is the contingency plan documented?
- When was the last time the contingency plan was tested?
- Are the test dates and results documented?

If there is not a backup and recovery process for the web server, this is a finding.

Check Content Reference

M

Target Key

3996

Comments