8.2.7 Backup Your Keystore

Information

The keystore stores encryption keys used to encrypt your database. Losing the key will make the data inaccessible. If the keystore with encryption keys is lost, there is no way to decrypt the data.

Rationale:

The contents of your keystore are critical and it is important that you back up the keystore at regular intervals. Backups should be done whenever the contents of the keystore changes, such as when a key or certificate is added, a master key (MK) is rotated, or the password is changed.

For local keystore files, the configuration file is not included as part of a Db2 database backup and must be backed up manually.

For a centralized keystore, consult the documentation for your keystore product to understand their recommendations for keystore backups.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Regularly backup your keystore and stash files, using mechanisms outside of Db2.

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: CONTINGENCY PLANNING

References: 800-53|CP-9, 800-53|CP-10, CSCv7|10.2

Plugin: IBM_DB2DB

Control ID: 52bf657b38c65b84b9844025dfd8d13af690037bed7c56fbd6bf49238cb722b0