Login

Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Rule: RDS DB Instances Should Be in a Backup Plan

Ensure RDS DB instances are included in a backup plan to maintain data security and integrity.

RuleRDS DB instances should be in a backup plan
FrameworkNIST Cybersecurity Framework (CSF) v1.1
Severity
High

Rule Description:

According to the NIST Cybersecurity Framework (CSF) v1, it is recommended to include RDS DB instances in a comprehensive backup plan. This is to ensure the availability and integrity of the database and to protect against data loss in case of any unforeseen events or cybersecurity incidents.

Troubleshooting Steps:

  2. 1.
    Check if the RDS DB instances are included in the backup plan.
  4. 2.
    Verify the frequency of backups and ensure it aligns with the organization's data retention policies.
  6. 3.
    Confirm that the backups are being stored in a secure location, away from the production environment.
  8. 4.
    Review the backup and restore processes to ensure they are documented and easily accessible.
  10. 5.
    Evaluate the recovery time objectives (RTO) and recovery point objectives (RPO) to determine if they meet business needs.
  12. 6.
    Check if the backups are scheduled and running successfully without any errors or warnings.
  14. 7.
    Validate the backup retention policy, ensuring that backups are retained for an appropriate duration.

Necessary Codes:

There are no specific codes associated with this rule/policy. However, you can use AWS CLI commands or AWS Management Console to manage and verify your RDS DB instance backups.

Step-by-Step Guide for Remediation:

  2. 1.
    Log in to the AWS Management Console.
  4. 2.
    Navigate to the Amazon RDS service.
  6. 3.
    Select the appropriate AWS Region where your RDS DB instances are located.
  8. 4.
    From the left-hand menu, click on "Snapshots" under the "Database" section.
  10. 5.
    Review the existing snapshots to check if the RDS DB instances are being backed up.
  12. 6.
    Click on "Create Snapshot" to manually create a snapshot if needed.
  14. 7.
    Set a meaningful name for the snapshot and add any required description.
  16. 8.
    Select the appropriate RDS DB instance from the dropdown menu.
  18. 9.
    Click on "Create Snapshot" to initiate the backup process.
  20. 10.
    Monitor the progress and wait for the snapshot to be completed.
  22. 11.
    Once the snapshot is created successfully, you can view it in the list of snapshots.
  24. 12.
    Make sure to configure an automated backup schedule for your RDS DB instances, if not already set.
  26. 13.
    Modify the backup retention period to comply with your organization's requirements.
  28. 14.
    Regularly monitor the snapshot status and validate that the backups are running without any issues.
  30. 15.
    Document the backup and restore processes and ensure they are easily accessible in case of an incident or recovery requirement.

Following these steps will help you ensure that your RDS DB instances are included in a backup plan as per the NIST Cybersecurity Framework (CSF) v1.

Is your System Free of Underlying Vulnerabilities?
Find Out Now