STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 2 hours ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Ivanti Policy Secure NDM Security Technical Implementation Guide

V-284539

CAT II (Medium)

The Ivanti Policy Secure must be configured to conduct backups of system level information contained in the information system when changes occur or weekly, whichever is sooner.

Rule ID

SV-284539r1244949_rule

STIG

Ivanti Policy Secure NDM Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000537

Discussion

System-level information includes default and customized settings and security attributes, including ACLs that relate to the network device configuration, as well as software required for the execution and operation of the device. Information system backup is a critical step in ensuring system integrity and availability. If the system fails and there is no backup of the system-level information, a denial of service condition is possible for all who use this critical network component. This control requires the network device to support the organizational central backup process for system-level information associated with the network device. This function may be provided by the network device itself; however, the preferred best practice is a centralized backup rather than each network device performing discrete backups.

Check Content

1. In the Ivanti Policy Secure Web UI, navigate to Maintenance >> Archiving >> Archive Servers.
2. Review the archive schedule to verify the configuration is configured to backup weekly, at a minimum.
3. Review the backup log to verify the backup is kicked off manually when system configuration occurs.

If backups of system level information are not scheduled for at least weekly, this is a finding.

Fix Text

1. In the Ivanti Policy Secure Web UI, navigate to Maintenance >> Archiving >> Archive Servers.
2. Click "SCP" if using an SFTP/SCP server, other mechanisms may not be allowed due to local security policy. Check with the information system security manager (ISSM) before configuring anything other than SCP.
3. Under "Archive Server", type the host name or IPv4/IPv6 address.
4. In "Destination Directory", type the path of the backup (e.g., "/backupfolder/ics/").
5. In the "Username" field, type the username with SCP/SFTP permissions on the backup server.
6. In the "Password" field, type the password.
7. Under "Archive Schedule" select "Archive System Configuration", then click the day of the week and time when the backup should be sent.
8. Under "Archive System Configuration", ensure a password is given to encrypt the backup.
9. Under "Archive Schedule", select "Archive User Accounts", then click the day of the week and time when the backup should be sent.
10. Under "Archive User Accounts", ensure a password is given to encrypt the backup.
11. Click "Save Changes".