
The designer will ensure transaction based applications implement transaction rollback and transaction journaling.


Overview

Finding ID | Version | Rule ID | IA Controls | Severity
V-16791 | APP3200 | SV-17791r1_rule | ECDC-1 | Low
Description
Transaction based systems must have transaction rollback and transaction journaling, or technical equivalents implemented to ensure the system can recover from an attack or faulty transaction data. Otherwise, a denial of service condition could result.
STIG | Date
Application Security and Development Checklist | 2014-12-22

Details

Check Text ( C-17779r1_chk )
If the application is not a transaction based application that stores and retrieves data, this check is not applicable.

Ask the application representative if the application uses a database to store information. If the application utilizes Oracle, SYBASE, or Microsoft SQL Server, then support for journaling and rollback is already present in the tools.

Note: Microsoft Access does not support journaling and rollback. If Microsoft Access is used, ask the application representative to demonstrate the rollback and journaling features of the application.

1) If the application representative cannot demonstrate support for journaling and rollback, it is a finding.
Fix Text (F-17008r1_fix)
Implement rollback and journaling features in the application or incorporate products with rollback and journaling features.
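
The following is an added example, not part of the STIG text, showing one way an application could demonstrate rollback and journaling to a reviewer. It assumes SQLite through Python's sqlite3 module (not a product named above); the account and journal tables and the transfer function are hypothetical.

```python
import sqlite3

# Assumptions for this example: SQLite stands in for the application's data
# store; the account/journal schema and transfer() are hypothetical.
SCHEMA = """
CREATE TABLE account (id TEXT PRIMARY KEY,
                      balance INTEGER NOT NULL CHECK (balance >= 0));
CREATE TABLE journal (seq INTEGER PRIMARY KEY AUTOINCREMENT,
                      src TEXT, dst TEXT, amount INTEGER,
                      outcome TEXT, detail TEXT);
INSERT INTO account VALUES ('A', 100), ('B', 20);  -- constructed sample data
"""
LOG = "INSERT INTO journal (src, dst, amount, outcome, detail) VALUES (?, ?, ?, ?, ?)"

def open_db(path=":memory:"):
    # isolation_level=None: no implicit BEGIN, so boundaries below are explicit.
    conn = sqlite3.connect(path, isolation_level=None)
    conn.executescript(SCHEMA)
    return conn

def transfer(conn, src, dst, amount):
    """Apply one transfer atomically and journal the outcome either way."""
    try:
        conn.execute("BEGIN IMMEDIATE")
        if amount <= 0:
            raise ValueError("amount must be positive")
        for acct, delta in ((src, -amount), (dst, amount)):
            cur = conn.execute(
                "UPDATE account SET balance = balance + ? WHERE id = ?", (delta, acct))
            if cur.rowcount != 1:
                raise ValueError(f"unknown account {acct!r}")
        # Journal entry commits together with the change it describes.
        conn.execute(LOG, (src, dst, amount, "committed", ""))
        conn.execute("COMMIT")
        return True
    except (sqlite3.Error, ValueError) as exc:
        if conn.in_transaction:
            conn.execute("ROLLBACK")  # undo any partially applied updates
        # Written after the rollback so the failure record itself persists.
        conn.execute(LOG, (src, dst, amount, "rolled_back", str(exc)))
        return False

def balances(conn):
    return dict(conn.execute("SELECT id, balance FROM account"))

def journal(conn):
    return conn.execute("SELECT seq, outcome, detail FROM journal ORDER BY seq").fetchall()
```

A transfer to an unknown account debits the source first and then fails, so unchanged balances afterwards show the rollback worked, and the journal holds one row per attempt.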