SQL2-00-018200 - SQL Server backups of system-level information per organization-defined frequency must be performed that is consistent with recovery time and recovery point objectives.

Information

SQL Server backups are a critical step in maintaining data assurance and availability.

System-level information includes: system-state information, operating system and application software, and licenses.

Backups shall be consistent with organizationally defined recovery time and recovery point objectives.

SQL Server depends upon the availability and integrity of its system-level information. Without backups, compromise or loss of system-level information can prevent a successful recovery of SQL Server operations. If SQL Server system-level information is not backed up regularly this risks the loss of SQL Server data in the event of a system failure.

A mixture of full and incrementally server level backups that backup the system-level information would satisfy this requirement.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Deploy a backup solution to perform backups as per organizationally defined Backup Policy.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2012_V1R20_STIG.zip

Item Details

Category: CONTINGENCY PLANNING

References: 800-53|CP-9b., CAT|II, CCI|CCI-000537, Rule-ID|SV-53280r2_rule, STIG-ID|SQL2-00-018200, Vuln-ID|V-40926

Plugin: MS_SQLDB

Control ID: 28d947019d94ed95bf48b1ac113d6b8edc0dfd7263b3b2aa874aff894936d725