Skip to content

In the event of a system failure, SQL Server must preserve any information necessary to return to operations with least disruption to mission processes.

An XCCDF Rule

Description

<VulnDiscussion>Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. The existence and reliability of database backups is an essential aspect of the ability to fail to a known state. It helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Backups must be performed according to an appropriate schedule, and must be tested periodically to provide assurance that they can be used for restoring the database.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-81867r2_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Modify the system security plan, to include whether the database is static, the correct recovery model to be used, the backup schedule, and the plan for testing database restoration.

In SQL Server Management Studio, Object Explorer, right-click on the name of the database; select Properties.  Select the Options page.  Set the Recovery Model field, near the top of the page, to the correct value.

In Object Explorer, expand  <server name>  >>  SQL Server Agent  >>  Jobs.  Create, modify and delete jobs to implement the backup schedule.   (Alternatively, this may done using T-SQL code.)