Trusted Recovery: A system failure is a serious security risk because the security controls might be overridden when the system is not functioning properly. Trusted recovery is designed to prevent this type of corruption in the event of such a system failure. It’s required for B3-level and A1-level systems and allows the system to be restarted without disrupting its required protection levels, and be able to recover and roll back without being afflicted after the failure. Two processes are involved in trusted recovery: preparing for system failure and recovering from system failure.
- Failure Preparation: Preparing for system failure entails running regular backups of all essential data. This preparation must allow full data recovery in a protected and orderly manner while protecting the continued security of the system. This process may also be needed if a system issue such as a faulty database or any kind of violation is detected, or if the system needs to be stopped and restarted.
- System Recovery: Secure system recovery methods include rebooting the system into a single-user mode so that no other user access is permitted at this time, recovering all file systems that were running at the time of the system failure, restoring any lost or corrupted files from the most recent backups; recovering the required security, and confirming the integrity of security-critical files, such as the system password file. Once these processes have been successfully performed and the system's data is secure, users can be allowed to access the system.
