Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Offsite Backups Mandated by MSVP "2.8 Backup and Disaster recovery" #1365

Closed
cmlh opened this issue Sep 5, 2022 · 5 comments
Closed

Support Offsite Backups Mandated by MSVP "2.8 Backup and Disaster recovery" #1365

cmlh opened this issue Sep 5, 2022 · 5 comments
Assignees
@tghosth
Labels
3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos _5.0 - prep This needs to be addressed to prepare 5.0

Comments

@cmlh
Copy link
Contributor

cmlh commented Sep 5, 2022

"2.8 Backup and Disaster recovery" of MVSP mandates Securely back up all data to a different location than where the application is running

V8.1 General Data Protection does not list this as a Requirement.

Should we include this as a new Requirement in the next release of ASVS?

The parent of this issue is #1151.
@tghosth tghosth mentioned this issue Dec 7, 2022
Closed
@tghosth tghosth self-assigned this Dec 7, 2022
@tghosth tghosth added 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos _5.0 - prep This needs to be addressed to prepare 5.0 labels Dec 7, 2022
@tghosth
Copy link
Collaborator

tghosth commented Dec 7, 2022

@set-reminder 4 weeks @tghosth to look at this

@octo-reminder
Copy link

octo-reminder bot commented Dec 7, 2022

Reminder
Wednesday, January 4, 2023 12:00 AM (GMT+01:00)

@tghosth to look at this

@elarlang
Copy link
Collaborator

Securely back up all data to a different location than where the application is running

Related requirements and related opened issue: #1462

# Description L1 L2 L3 CWE
8.1.5 Verify that regular backups of important data are performed and that test restoration of data is performed. 19
8.1.6 Verify that backups are stored securely to prevent data from being stolen or corrupted. 19

@tghosth
Copy link
Collaborator

tghosth commented Jan 1, 2023

There seems to be widespread support in #1462 for reducing or removing these requirements so I don't think we are going to add more requirements around this.

@tghosth tghosth closed this as completed Jan 1, 2023
@octo-reminder
Copy link

octo-reminder bot commented Jan 3, 2023

🔔 @tghosth

@tghosth to look at this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tghosth tghosth

Labels
3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos _5.0 - prep This needs to be addressed to prepare 5.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cmlh @tghosth @elarlang