DBMS must conduct backups of system-level information per organization defined frequency that is consistent with recovery time and recovery point objectives.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32436	SRG-APP-000146-DB-000099	SV-42773r1_rule		Medium

Description
Information system backup is a critical step in maintaining data assurance and availability. System-level information includes: system-state information, operating system and application software, and licenses. Backups shall be consistent with organizational recovery time and recovery point objectives. Databases that do not backup information regularly risk the loss of that information in the event of a system failure. Most databases contain functionality to allow regular backups, it is important that this functionality is enabled and configured correctly to prevent data loss.

Description

Information system backup is a critical step in maintaining data assurance and availability. System-level information includes: system-state information, operating system and application software, and licenses. Backups shall be consistent with organizational recovery time and recovery point objectives. Databases that do not backup information regularly risk the loss of that information in the event of a system failure. Most databases contain functionality to allow regular backups, it is important that this functionality is enabled and configured correctly to prevent data loss.

STIG	Date
Database Security Requirements Guide	2012-07-02

Details

Check Text ( C-40878r2_chk )
Review DBMS backup configuration to determine that system level data is backed up in according with organization defined frequency. If the system level data of the DBMS is not backed up to the organization defined frequency, this is a finding.

Fix Text (F-36351r2_fix)
Utilize a DBMS or third party product, to meet the requirement, of backing up system data according to the organization defined frequency.