SQL Server backup procedures must be defined, documented, and implemented.

From Microsoft SQL Server 2012 Database Instance Security Technical Implementation Guide

Associated with: CCI-000535

SV-53283r2_rule SQL Server backup procedures must be defined, documented, and implemented.

Vulnerability discussion

SQL Server backup is a critical step in maintaining data assurance and availability.User-level information is data generated by the information system and/or application users. In order to assure availability of this data in the event of a system failure, DoD organizations are required to ensure user-generated data is backed up at a defined frequency. This includes data stored on file systems, within SQL Server or within any other storage media.Applications performing backups must be configured to back up user-level information per the DoD-defined frequency.SQL Server Database backups provide the required means to restore databases after compromise or loss. Backups help reduce the vulnerability to unauthorized access or hardware loss.

Check content

Review the database backup procedures and implementation evidence. Evidence of implementation includes records of backup events and physical review of backup media. Evidence should match the backup plan as recorded in the system documentation. If backup procedures do not exist or are not implemented in accordance with the procedures, this is a finding.

Fix text

Develop, document, and implement database backup procedures.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.