UCF STIG Viewer Logo

The application server must provide a clustering capability.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35424 SRG-APP-000225-AS-000154 SV-46711r3_rule Medium
Description
This requirement is dependent upon system MAC and confidentiality. If the system MAC and confidentiality levels do not specify redundancy requirements, this requirement is NA. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. When application failure is encountered, preserving application state facilitates application restart and return to the operational mode of the organization with less disruption of mission/business processes. Clustering of multiple application servers is a common approach to providing fail-safe application availability when system MAC and confidentiality levels require redundancy.
STIG Date
Application Server Security Requirements Guide 2015-08-28

Details

Check Text ( C-43775r2_chk )
This requirement is dependent upon system MAC and confidentiality.

If the system MAC and confidentiality levels do not specify redundancy requirements, this requirement is NA.

Review the application server configuration and documentation to ensure the application server is configured to provide clustering functionality.

If the application server is not configured to provide clustering or some form of failover functionality, this is a finding.
Fix Text (F-39968r2_fix)
This requirement is dependent upon system MAC and confidentiality.

If the system MAC and confidentiality levels do not specify redundancy requirements, this requirement is NA.

Configure the application server to provide application failover or participate in an application cluster which provides failover.