SQL2-00-018200 - SQL Server backups of system-level information per organization-defined frequency must be performed that is consistent with recovery time and recovery point objectives.


SQL Server backups are a critical step in maintaining data assurance and availability.

System-level information includes: system-state information, operating system and application software, and licenses.

Backups shall be consistent with organizationally defined recovery time and recovery point objectives.

SQL Server depends upon the availability and integrity of its system-level information. Without backups, compromise or loss of system-level information can prevent a successful recovery of SQL Server operations. If SQL Server system-level information is not backed up regularly this risks the loss of SQL Server data in the event of a system failure.

A mixture of full and incrementally server level backups that backup the system-level information would satisfy this requirement.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


Deploy a backup solution to perform backups as per organizationally defined Backup Policy.

See Also


Item Details


References: 800-53|CP-9b., CAT|II, CCI|CCI-000537, Rule-ID|SV-53280r2_rule, STIG-ID|SQL2-00-018200, Vuln-ID|V-40926

Plugin: MS_SQLDB

Control ID: d60e704adb7a10586923acbada4fd62701523f6fcc5c54058e3c3db43ae660be