DoD STIGs – V-32433


Title: Database backup procedures must be defined, documented, and implemented.

Vulnerability ID: V-32433


IA Controls: None

Severity: medium

Description: Information system backup is a critical step in maintaining data assurance and availability.

User-level information is data generated by information system and/or application users. In order to assure availability of this data in the event of a system failure, DoD organizations are required to ensure user generated data is backed up at a defined frequency. This includes data stored on file systems, within databases or within any other storage media.

Applications performing backups must be capable of backing up user-level information per the DoD defined frequency.

Database backups provide the required means to restore databases after compromise or loss. Backups help reduce the vulnerability to unauthorized access or hardware loss.

Check Text: Review the database backup procedures and implementation evidence. Evidence of implementation includes records of backup events and physical review of backup media.

Evidence should match the backup plan as recorded in the system documentation. If backup procedures do not exist or are not implemented in accordance with the procedures, this is a finding.

Fix Text: Develop, document, and implement database backup procedures.


Interpreting V-32433:

Coming Soon!

Return to the DoD STIGs – Database Security Requirements Guide

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.