UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Database recovery procedures must be developed, documented, implemented, and periodically tested.


Overview

Finding ID Version Rule ID IA Controls Severity
V-237721 O121-C2-012400 SV-237721r667195_rule Medium
Description
Information system backup is a critical step in maintaining data assurance and availability. User-level information is data generated by information system and/or application users. In order to assure availability of this data in the event of a system failure, DoD organizations are required to ensure user-generated data is backed up at a defined frequency. This includes data stored on file systems, within databases or within any other storage media. Applications performing backups must be capable of backing up user-level information per the DoD-defined frequency. Problems with backup procedures or backup media may not be discovered until after a recovery is needed. Testing and verification of procedures provides the opportunity to discover oversights, conflicts, or other issues in the backup procedures or use of media designed to be used.
STIG Date
Oracle Database 12c Security Technical Implementation Guide 2021-12-13

Details

Check Text ( C-40940r667193_chk )
Review the testing and verification procedures documented in the system documentation. Review evidence of implementation of testing and verification procedures by reviewing logs from backup and recovery implementation. Logs may be in electronic form or hardcopy and may include email or other notification.

If testing and verification of backup and recovery procedures is not documented in the system documentation, this is a finding.

If evidence of testing and verification of backup and recovery procedures does not exist, this is a finding.
Fix Text (F-40903r667194_fix)
Develop, document, and implement testing and verification procedures for database backup and recovery. Include requirements for documenting database backup and recovery testing and verification activities in the procedures.