Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35437 | SRG-APP-000254-AS-000166 | SV-46724r1_rule | | Medium |
Description |
---|
Fail secure is a condition achieved by the application server (AS) to ensure that, in the event of an operational failure, the system does not enter an insecure state in which its intended security properties no longer hold. An example of secure failure is an application server configured for secure LDAP (LDAPS) authentication: if the AS fails to make a successful LDAPS connection, it does not try to use unencrypted LDAP instead. |
STIG | Date |
---|---|
Application Server Security Requirements Guide | 2013-01-08 |
Check Text (C-43791r1_chk) |
---|
Review AS documentation and configuration to determine if the AS fails securely in the event of an operational failure. If the AS cannot be configured to fail securely, this is a finding. |
Fix Text (F-39981r1_fix) |
---|
Configure the AS to fail securely in the event of operational failure. |
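
The LDAPS case from the Description, as an added example that is not part of the SRG or any vendor's code: the login path denies access when no LDAPS endpoint is reachable, and refuses to operate if a plaintext `ldap://` URL is configured as a fallback. The `bind` connector, the `DirectoryUnavailable` exception, and the hostnames are hypothetical.

```python
from urllib.parse import urlsplit


class DirectoryUnavailable(Exception):
    """Hypothetical error: connection or TLS handshake to the directory failed."""


def audit_provider_urls(urls):
    """Return configured directory URLs that are not LDAPS (downgrade paths)."""
    return [u for u in urls if urlsplit(u).scheme.lower() != "ldaps"]


def authenticate(user, password, urls, bind):
    """Fail-secure login: True only on a verified bind over LDAPS.

    bind(url, user, password) is a caller-supplied, hypothetical connector that
    returns True/False and raises DirectoryUnavailable on connection failure.
    """
    if not urls or audit_provider_urls(urls):
        return False  # empty or plaintext-capable config: refuse to operate
    for url in urls:
        try:
            return bind(url, user, password) is True
        except DirectoryUnavailable:
            continue  # fail over to the next LDAPS endpoint only
        except Exception:
            return False  # unexpected error: deny rather than guess
    return False  # every secure endpoint failed: deny, never downgrade


# Constructed sample configuration; hostnames are placeholders.
SECURE_URLS = ["ldaps://dir1.example.test:636", "ldaps://dir2.example.test:636"]
WEAK_URLS = SECURE_URLS + ["ldap://dir1.example.test:389"]


def bind_all_down(url, user, password):
    raise DirectoryUnavailable(url)


def bind_second_up(url, user, password):
    """Constructed stub: first server is down, second checks the password."""
    if "dir1" in url:
        raise DirectoryUnavailable(url)
    return password == "correct-horse"


if __name__ == "__main__":
    print(audit_provider_urls(WEAK_URLS))
    print(authenticate("alice", "correct-horse", SECURE_URLS, bind_all_down))
```

`audit_provider_urls` corresponds to the configuration review in the Check Text; `authenticate` shows the runtime behaviour the Fix Text asks for.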