
Rule: RDS DB Instance Protected by Backup Plan

Ensure RDS DB instances are protected by a backup plan. Critical for data security and disaster recovery.

Rule: RDS DB instance should be protected by backup plan
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description

The rule states that every RDS (Relational Database Service) DB (Database) instance should have a backup plan in place to ensure compliance with NIST (National Institute of Standards and Technology) 800-53 Revision 5 security guidelines. This backup plan is essential for data preservation and disaster recovery purposes.

Troubleshooting Steps

  1. Verify Backup Plan: Confirm if there is an existing backup plan configured for the RDS DB instance.
  2. Review Backup Schedule: Check the backup schedule to ensure it meets the requirements outlined in NIST 800-53 Revision 5.
  3. Check Backup Retention Period: Verify that the backup retention period is set appropriately to retain backups for the required duration.
  4. Validate Backup Storage Location: Ensure that the backups are stored securely in a designated location with appropriate access controls.
  5. Review Backup Policy: Validate that the backup policy aligns with NIST 800-53 Revision 5 guidelines regarding backup frequency, data integrity, and encryption.

Necessary Codes

There are no specific codes associated with this rule. However, you may need to use AWS CLI (Command Line Interface) commands to verify and configure the backup plan for your RDS DB instance.

Step-by-Step Guide

Please follow the steps below to remediate the rule violation:

  1. Log in to the AWS Management Console.
  2. Open the Amazon RDS service.
  3. Select the appropriate region.
  4. Choose the RDS DB instance that violates the rule.
  5. Navigate to the "Backup & Restore" section.
  6. Check if a backup plan is already configured for the DB instance.
    • If a backup plan exists, proceed to step 7.
    • If no backup plan is present, continue to step 9.
  7. Review the backup schedule to ensure it aligns with NIST 800-53 Revision 5.
    • Ensure backups are performed at a frequency compliant with the policy.
    • Validate that the backup window accommodates the RDS DB instance workload and minimizes impact.
  8. Verify the backup retention period.
    • Ensure the retention period meets the requirement mentioned in the policy.
  9. Configure a backup plan if none exists.
    • Click on "Modify" in the "Backup & Restore" section.
    • Choose the desired backup retention period.
    • Configure the scheduled backup window as per the policy requirements.
  10. Save the changes by clicking the "Apply Immediately" button.
  11. Verify the storage location of the backups.
    • Ensure the backup data is stored securely in line with NIST 800-53 Revision 5 guidelines.
  12. Validate that the backup policy includes encryption of backups as per the security standards.
  13. Re-check the compliance status against the NIST 800-53 Revision 5 requirements.

By following these steps, you will remediate the rule violation and ensure that the RDS DB instance is protected by a backup plan that complies with the NIST 800-53 Revision 5 guidelines.
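
The retention, encryption and backup-plan checks from the steps above can also be run over AWS CLI output instead of the console. This is an added example, not code from the original page: it assumes JSON saved from `aws rds describe-db-instances` and `aws backup list-protected-resources`, treats AWS Backup coverage as what "backup plan" means, and uses a hypothetical 7-day minimum retention; the function name and all sample data are constructed.

```python
import json

# Constructed sample, shaped like the output of `aws rds describe-db-instances`.
SAMPLE_INSTANCES = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db",
   "DBInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:orders-db",
   "BackupRetentionPeriod": 14, "StorageEncrypted": true},
  {"DBInstanceIdentifier": "legacy-db",
   "DBInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:legacy-db",
   "BackupRetentionPeriod": 0, "StorageEncrypted": false},
  {"DBInstanceIdentifier": "reports-db",
   "DBInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:reports-db",
   "BackupRetentionPeriod": 3, "StorageEncrypted": true}
]}
""")

# Constructed sample, shaped like `aws backup list-protected-resources`.
SAMPLE_PROTECTED = {"Results": [
    {"ResourceArn": "arn:aws:rds:us-east-1:111122223333:db:orders-db"},
    {"ResourceArn": "arn:aws:rds:us-east-1:111122223333:db:reports-db"},
]}

# Hypothetical policy minimum; the rule text does not fix a number of days.
MIN_RETENTION_DAYS = 7


def audit_rds_backups(instances, protected, min_retention_days=MIN_RETENTION_DAYS):
    """Return {instance identifier: [findings]} for instances failing a check."""
    protected_arns = {r["ResourceArn"] for r in protected.get("Results", [])}
    report = {}
    for db in instances.get("DBInstances", []):
        findings = []
        retention = db.get("BackupRetentionPeriod", 0)
        if retention == 0:
            # A retention period of 0 means automated backups are turned off.
            findings.append("automated backups disabled (retention period is 0)")
        elif retention < min_retention_days:
            findings.append(
                f"retention {retention}d is below policy minimum {min_retention_days}d")
        if not db.get("StorageEncrypted", False):
            # Snapshots inherit the encryption state of the instance.
            findings.append("storage not encrypted, so backups are unencrypted")
        if db.get("DBInstanceArn") not in protected_arns:
            findings.append("not listed as an AWS Backup protected resource")
        if findings:
            report[db["DBInstanceIdentifier"]] = findings
    return report
```

Instances absent from the returned dictionary passed every check; set `min_retention_days` to the value your own policy requires.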
