UCF STIG Viewer Logo

DBMS backup and restoration files should be protected from unauthorized access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15120 DG0064-SQLServer9 SV-24189r1_rule COBR-1 Medium
Description
Lost or compromised DBMS backup and restoration files may lead to not only the loss of data, but also the unauthorized access to sensitive data. Backup files need the same protections against unauthorized access when stored on backup media as when online and actively in use by the database system. In addition, the backup media needs to be protected against physical loss. Most DBMSs maintain online copies of critical control files to provide transparent or easy recovery from hard disk loss or other interruptions to database operation.
STIG Date
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide 2015-06-16

Details

Check Text ( C-20367r1_chk )
Review file protections assigned to online backup and restoration files.

Review access protections and procedures for offline backup and restoration files.

If backup or restoration files are subject to unauthorized access, this is a Finding.

It may be necessary to review backup and restoration procedures to determine ownership and access during all phases of backup and recovery. In addition to physical and host system protections, consider other methods including password protection to the files.
Fix Text (F-24535r1_fix)
Develop, document and implement protection for backup and restoration files.

Document personnel and the level of access authorized for each to the backup and restoration files in the System Security Plan.