Applications required to be non-modifiable must support organizational requirements to provide components that contain no writable storage capability. These components must be persistent across restart and/or power on/off.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35645	SRG-APP-000240-AS-NA	SV-46932r1_rule		Medium

Description
Organizations may require applications or application components to be non-modifiable or to be stored and executed on non-writable storage. Use of non-modifiable storage ensures the integrity of the software program from the point of creation of the read-only image and eliminates the possibility of malicious code insertion. Application servers are installed and are modifiable. This requirement does not apply.

Description

Organizations may require applications or application components to be non-modifiable or to be stored and executed on non-writable storage. Use of non-modifiable storage ensures the integrity of the software program from the point of creation of the read-only image and eliminates the possibility of malicious code insertion. Application servers are installed and are modifiable. This requirement does not apply.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43987r1_chk )
This requirement is NA for the AS SRG.

Fix Text (F-40187r1_fix)
The requirement is NA. No fix is required.