5.2 Protect backups

Information

Backups of your database should be stored securely in a location with full access for administrators, read and execute access for group, and no access for users.

Backups may contain sensitive data that attackers can use to retrieve valuable information about the organization.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Define a security policy for all backups that specifies the privileges they should be assigned.

See Also

https://workbench.cisecurity.org/files/1654