Backup and recovery procedures should be developed, documented, implemented and periodically tested.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15129 | DG0020-SQLServer9 | SV-24139r1_rule | CODP-1 CODP-2 CODP-3 | Medium |
| Description |
|---|
| Problems with backup procedures or backup media may not be discovered until after a recovery is needed. Testing and verification of procedures provides the opportunity to discover oversights, conflicts, or other issues in the backup procedures or use of media designed to be used. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-20371r1_chk ) |
|---|
| Review the testing and verification procedures documented in the System Security Plan. Review evidence of implementation of testing and verification procedures by reviewing logs from backup and recovery implementation. Logs may be in electronic or hardcopy and may include email or other notification. If testing and verification of backup and recovery procedures are not documented in the System Security Plan, this is a Finding. If evidence of testing and verification of backup and recovery procedures does not exist, this is a Finding. |
| Fix Text (F-22801r1_fix) |
|---|
| Develop, document and implement testing and verification procedures for database backup and recovery. Include requirements for documenting database backup and recovery testing and verification activities in the procedures. |