AOS must be configured to conduct backups of system-level information contained in the information system when changes occur.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-266971 | SRG-APP-000516-NDM-000340 | ARBA-ND-000340 | SV-266971r1039934_rule | 2024-10-29 | 1 |
| Description |
|---|
| System-level information includes default and customized settings and security attributes, including Access Control Lists (ACLs) that relate to the network device configuration, as well as software required for the execution and operation of the device. Information system backup is a critical step in ensuring system integrity and availability. If the system fails and there is no backup of the system-level information, a denial-of-service condition is possible for all who use this critical network component. This control requires the network device to support the organizational central backup process for system-level information associated with the network device. This function may be provided by the network device itself; however, the preferred best practice is a centralized backup rather than each network device performing discrete backups. |
| ℹ️ Check |
|---|
| Review the site's backup policy to verify plans and procedures are in place to back up AOS configurations when changes occur. If the site does not have a policy to back up AOS configurations when changes occur, this is a finding. |
| ✔️ Fix |
|---|
| Configure AOS with the following commands: 1. In the AOS CLI, create the backup file: backup config <filename> 2. Copy the file to a central server: copy flash: <filename> scp: <scp server IPv4 or IPv6 address> <username> <destination filename> |