Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32436 | SRG-APP-000146-DB-000099 | SV-42773r1_rule | Medium |
Description |
---|
Information system backup is a critical step in maintaining data assurance and availability. System-level information includes: system-state information, operating system and application software, and licenses. Backups shall be consistent with organizational recovery time and recovery point objectives. Databases that do not backup information regularly risk the loss of that information in the event of a system failure. Most databases contain functionality to allow regular backups, it is important that this functionality is enabled and configured correctly to prevent data loss. |
STIG | Date |
---|---|
Database Security Requirements Guide | 2012-07-02 |
Check Text ( C-40878r2_chk ) |
---|
Review DBMS backup configuration to determine that system level data is backed up in according with organization defined frequency. If the system level data of the DBMS is not backed up to the organization defined frequency, this is a finding. |
Fix Text (F-36351r2_fix) |
---|
Utilize a DBMS or third party product, to meet the requirement, of backing up system data according to the organization defined frequency. |