STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Database recovery procedures must be developed, documented, implemented, and periodically tested.

DISA Rule

SV-237721r667195_rule

Vulnerability Number

V-237721

Group Title

SRG-APP-000516-DB-000363

Rule Version

O121-C2-012400

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Develop, document, and implement testing and verification procedures for database backup and recovery. Include requirements for documenting database backup and recovery testing and verification activities in the procedures.

Check Contents

Review the testing and verification procedures documented in the system documentation. Review evidence of implementation of testing and verification procedures by reviewing logs from backup and recovery implementation. Logs may be in electronic form or hardcopy and may include email or other notification.

If testing and verification of backup and recovery procedures is not documented in the system documentation, this is a finding.

If evidence of testing and verification of backup and recovery procedures does not exist, this is a finding.

Vulnerability Number

V-237721

Documentable

False

Rule Version

O121-C2-012400

Severity Override Guidance

Review the testing and verification procedures documented in the system documentation. Review evidence of implementation of testing and verification procedures by reviewing logs from backup and recovery implementation. Logs may be in electronic form or hardcopy and may include email or other notification.

If testing and verification of backup and recovery procedures is not documented in the system documentation, this is a finding.

If evidence of testing and verification of backup and recovery procedures does not exist, this is a finding.

Check Content Reference

M

Target Key

4059

Comments