RFC 3871           Operational Security Requirements      September 2004

   Justification.

      Restoration of archived configurations allows quick restoration of

      service following an outage (security related as well as from

      other causes).

   Examples.

      Configurations may be restored using SCP, SFTP or FTP over a

      secure channel.  See Section 2.1.1 for requirements related to

      secure communication channels for management protocols and data.

   Warnings.

      The security of the remote server is assumed, with appropriate

      measures being outside the scope of this document.

      Note that if passwords or other sensitive information are excluded

      from the saved copy of the configuration, as allowed by Section

      2.4.6, then the restore may not be complete.  The operator may

      have to set new passwords or supply other information that was not

      saved.

2.4.8.  Support Text Configuration Files

   Requirement.

      The device MUST support display, backup and restore of system

      configuration in a simple well defined textual format.  The

      configuration MUST also be viewable as text on the device itself.

      It MUST NOT be necessary to use a proprietary program to view the

      configuration.

   Justification.

      Simple, well defined textual configurations facilitate human

      understanding of the operational state of the device, enable off 

      line audits, and facilitate automation.  Requiring the use of a

      proprietary program to access the configuration inhibits these

      goals.

   Examples.

      A 7 bit ASCII configuration file that shows the current settings

      of the various configuration options would satisfy the

      requirement, as would a Unicode configuration or any other

      "textual" representation.  A structured binary format intended

      only for consumption by programs would not be acceptable.

Jones                        Informational                     [Page 28]