The designer will ensure the web service design includes redundancy of critical functions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19690 | APP3770 | SV-21831r2_rule | DCSQ-1 | Medium |
| Description |
|---|
| Because of potential denial of service, web services should be designed to be redundant. |
| STIG | Date |
|---|---|
| Application Security and Development Checklist | 2014-12-22 |
Details
| Check Text ( C-24087r2_chk ) |
|---|
| Ask the application representative for the design document. Review the design document for web services. Review the design and verify there is redundancy for web services. Redundancy may be accomplished by deploying the same web service over multiple network devices. For MAC I systems: 1) If the design document does not exist or does not indicate the existence of redundant web services or the application representative is not able to demonstrate redundant web services, it is a finding. 2) For MAC II and MAC III systems if the design document does not exist, it is a finding. The requirement for redundant web services is NA for MAC II and MAC III |
| Fix Text (F-23096r1_fix) |
|---|
| Setup multiple instances of the web service with different URLs. |