UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

DBMS backup and restoration files should be protected from unauthorized access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15120 DG0064-ORACLE10 SV-24636r1_rule COBR-1 Medium
Description
Lost or compromised DBMS backup and restoration files may lead to not only the loss of data, but also the unauthorized access to sensitive data. Backup files need the same protections against unauthorized access when stored on backup media as when online and actively in use by the database system. In addition, the backup media needs to be protected against physical loss. Most DBMSs maintain online copies of critical control files to provide transparent or easy recovery from hard disk loss or other interruptions to database operation.
STIG Date
Oracle Database 10g Installation STIG 2014-04-02

Details

Check Text ( C-29160r1_chk )
Review documented backup and restoration procedures to determine ownership and access during all phases of backup and recovery.

Review file protections assigned to online backup and restoration files and tools.

Review access, physical security protections and documented procedures for offline backup and restoration files and tools.

If implementation evidence indicates that backup or restoration files are subject to corruption, unauthorized access or physical loss, this is a Finding.
Fix Text (F-26172r1_fix)
Develop, document and implement protection for backup and restoration files.

Document personnel and the level of access authorized for each to backup and restoration files and tools.

In addition to physical and host system protections, consider other methods including password protection of the files.