The Certificate used for encryption must be backed up, stored offline and off-site.

An XCCDF Rule

Description

<VulnDiscussion>Backup and recovery of the Certificate used for encryption is critical to the complete recovery of the database. Not having this key can lead to loss of data during recovery.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-213913r879642_rule
Severity: Medium
References: CCI-001199
Updated: 8 months ago

Document and implement procedures to safely back up and store the Certificate used for encryption. Include in the procedures methods to establish evidence of backup and storage, and careful, restricted access and restoration of the Certificate. Also, include provisions to store the backup off-site. 

BACKUP CERTIFICATE 'CertificateName' TO FILE = 'path_to_file' 
WITH PRIVATE KEY (FILE = 'path_to_pvk', ENCRYPTION BY PASSWORD = 'password'); 

As this requires a password, take care to ensure it is not exposed to unauthorized persons or stored as plain text.

The Certificate used for encryption must be backed up, stored offline and off-site.

Description

Remediation - Manual Procedure