UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Database backup procedures must be defined, documented, and implemented.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32433 SRG-APP-000145-DB-000096 SV-42770r1_rule Medium
Description
Information system backup is a critical step in maintaining data assurance and availability. User-level information is data generated by information system and/or application users. In order to assure availability of this data in the event of a system failure, DoD organizations are required to ensure user generated data is backed up at a defined frequency. This includes data stored on file systems, within databases or within any other storage media. Applications performing backups must be capable of backing up user-level information per the DoD defined frequency. Database backups provide the required means to restore databases after compromise or loss. Backups help reduce the vulnerability to unauthorized access or hardware loss.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-40875r2_chk )
Review the database backup procedures and implementation evidence. Evidence of implementation includes records of backup events and physical review of backup media.

Evidence should match the backup plan as recorded in the system documentation. If backup procedures do not exist or are not implemented in accordance with the procedures, this is a finding.
Fix Text (F-36348r1_fix)
Develop, document, and implement database backup procedures.