Title: Database backup procedures must be defined, documented, and implemented.
Vulnerability ID: V-32433
IA Controls: None
Description: Information system backup is a critical step in maintaining data assurance and availability.
User-level information is data generated by information system and/or application users. In order to assure availability of this data in the event of a system failure, DoD organizations are required to ensure user generated data is backed up at a defined frequency. This includes data stored on file systems, within databases or within any other storage media.
Applications performing backups must be capable of backing up user-level information per the DoD defined frequency.
Database backups provide the required means to restore databases after compromise or loss. Backups help reduce the vulnerability to unauthorized access or hardware loss.
Check Text: Review the database backup procedures and implementation evidence. Evidence of implementation includes records of backup events and physical review of backup media.
Evidence should match the backup plan as recorded in the system documentation. If backup procedures do not exist or are not implemented in accordance with the procedures, this is a finding.
Fix Text: Develop, document, and implement database backup procedures.[divider]