This rule ensures that RDS DB instances are included in a backup plan for data protection.
| Rule | RDS DB instances should be in a backup plan |
| Framework | NIST Cybersecurity Framework (CSF) v1.1 |
| Severity | ✔ High |
Rule Description:
According to the NIST Cybersecurity Framework (CSF) v1, it is recommended to include RDS (Relational Database Service) DB instances in a backup plan. This ensures that data stored in the RDS instances is regularly backed up, minimizing the risk of data loss due to accidental deletion, hardware failure, or security incidents.
Troubleshooting Steps:
Verify Backup Settings: Check if the RDS instance has an active automated backup enabled. To do this:
Check Backup Retention Period: Confirm that the backup retention period is set appropriately based on your specific requirements. To verify and update the retention period:
Verify Backup Window: Ensure that the backup window is defined to minimize any impact on production database performance. To check and modify the backup window:
Test Data Restoration: Perform a test data restoration to verify the backup and restoration process. This ensures that the backups are valid and can be restored when needed. You can follow these steps:
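The first three checks above (automated backups enabled, retention period, backup window) can be evaluated for every instance at once from the output of `aws rds describe-db-instances`; this is an added example, not part of the original rule, and it covers those automated-backup settings only, not the restore test. The 7-day minimum, the peak-hours range and the sample instances are assumptions constructed for illustration.

```python
import json

MIN_RETENTION_DAYS = 7          # assumption: replace with your own policy
PEAK_HOURS_UTC = "08:00-18:00"  # assumption: when production load is highest

def window_minutes(window):
    """Expand 'HH:MM-HH:MM' (UTC) into a set of minute-of-day values; handles midnight wrap."""
    start, end = (int(t[:2]) * 60 + int(t[3:]) for t in window.split("-"))
    if end <= start:            # window crosses midnight, e.g. 23:45-00:15
        end += 24 * 60
    return {m % (24 * 60) for m in range(start, end)}

def audit_backups(response, min_days=MIN_RETENTION_DAYS, peak=PEAK_HOURS_UTC):
    """Return {instance_id: [findings]} for a parsed describe-db-instances response."""
    findings = {}
    for db in response.get("DBInstances", []):
        issues = []
        retention = db.get("BackupRetentionPeriod", 0)
        if retention == 0:      # a retention of 0 means automated backups are off
            issues.append("automated backups disabled (retention 0)")
        elif retention < min_days:
            issues.append(f"retention {retention}d below required {min_days}d")
        window = db.get("PreferredBackupWindow")
        if retention > 0 and window and window_minutes(window) & window_minutes(peak):
            issues.append(f"backup window {window} overlaps peak hours {peak}")
        if issues:
            findings[db["DBInstanceIdentifier"]] = issues
    return findings

# Constructed sample, trimmed to the fields this check reads.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "BackupRetentionPeriod": 14, "PreferredBackupWindow": "03:00-03:30"},
  {"DBInstanceIdentifier": "reports-dev", "BackupRetentionPeriod": 0, "PreferredBackupWindow": "09:00-09:30"},
  {"DBInstanceIdentifier": "billing-prod", "BackupRetentionPeriod": 3, "PreferredBackupWindow": "23:45-00:15"},
  {"DBInstanceIdentifier": "crm-prod", "BackupRetentionPeriod": 7, "PreferredBackupWindow": "17:45-18:15"}
]}
""")

if __name__ == "__main__":
    for name, issues in audit_backups(SAMPLE).items():
        print(name, "->", "; ".join(issues))
```

To run it against a real account, save the CLI's JSON output to a file and pass the parsed document to `audit_backups` in place of `SAMPLE`.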
Necessary Codes:
There are no specific codes required for this rule.
Step-by-Step Guide for Remediation:
Note:
Implementing regular backups for RDS DB instances not only fulfills the NIST Cybersecurity Framework requirements, but it also provides an essential layer of protection against data loss and aids in disaster recovery efforts. Regularly reviewing and testing backup processes is crucial to ensure the reliability and availability of your databases.