A successful disaster recovery plan requires that CAS policy and CAS policy configuration files are identified and included in systems disaster backup and recovery events. Documentation regarding the location of system and application specific CAS policy configuration files and the frequency in which backups occur is required. If these files are not identified and the information is not documented, there is the potential that critical application configuration files may not be included in disaster recovery events which could lead to an availability risk.
NOTE: Please review the benchmark to ensure target compliance.
All CAS policy and policy configuration files must be included in the system backup.
All CAS policy and policy configuration files must be backed up prior to migration, deployment, and reconfiguration.
CAS policy configuration files must be included in disaster recovery plan documentation.
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Windows.