DBMS must conduct backups of system-level information per organization-defined frequency that is consistent with recovery time and recovery point objectives.

From Oracle Database 12c Security Technical Implementation Guide

Part of SRG-APP-000146-DB-000099

Associated with: CCI-000537

SV-76191r1_rule DBMS must conduct backups of system-level information per organization-defined frequency that is consistent with recovery time and recovery point objectives.

Vulnerability discussion

Information system backup is a critical step in maintaining data assurance and availability.System-level information includes: system-state information, operating system and application software, and licenses.Backups shall be consistent with organizational recovery time and recovery point objectives.Databases that do not back up information regularly risk the loss of that information in the event of a system failure. Most databases contain functionality to allow regular backups; it is important that this functionality is enabled and configured correctly to prevent data loss.

Check content

Review DBMS and OS backup configuration to determine that system-level data is backed up in according with organization-defined frequency. If the system-level data of the DBMS is not backed up to the organization-defined frequency, this is a finding.

Fix text

Utilize DBMS, OS, or third-party product(s) to meet the requirement of backing up system data according to the organization-defined frequency.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer