The application server must be configured to fail over to another system in the event of audit subsystem failure.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35191 | SRG-APP-000109-AS-000070 | SV-46478r1_rule | Low |
| Description |
|---|
| It is critical that, when a system is at risk of failing to process audit logs as required, it detects and takes action to mitigate the failure. Application servers must be capable of failing over to another system upon detection of an application audit log processing failure. This will allow continual operation of the application while minimizing the loss of audit subsystem capability and audit logs. This requirement is dependent upon system MAC and confidentiality. If the system MAC and confidentiality levels do not specify redundancy requirements, this requirement is NA |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43569r5_chk ) |
|---|
| Review the systems accreditation documentation to determine system MAC and Confidentiality requirements. Review AS configuration settings to determine if the AS is configured to fail over operation to another system when the audit subsystem fails to operate. If the system MAC level specifies redundancy and the AS is not configured to fail over to another system when an audit subsystem failure occurs, this is a finding. If the system MAC level does not require redundancy, this requirement is NA. |
| Fix Text (F-39737r4_fix) |
|---|
| Configure the AS to fail over to another system when the auditing subsystem fails. |