UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.


Overview

Finding ID Version Rule ID IA Controls Severity
V-57553 SRG-APP-000225-AS-000166 SV-71829r2_rule Medium
Description
Fail-secure is a condition achieved by the application server in order to ensure that in the event of an operational failure, the system does not enter into an unsecure state where intended security properties no longer hold. Preserving information system state information also facilitates system restart and return to the operational mode of the organization with less disruption of mission-essential processes.
STIG Date
Application Server Security Requirements Guide 2018-09-13

Details

Check Text ( C-58261r1_chk )
Review application server documentation and configuration to determine if the application server fails to a secure state if system initialization fails, shutdown fails, or aborts fail.

If the application server cannot be configured to fail securely, this is a finding.
Fix Text (F-62621r1_fix)
Configure the application server to fail to a secure state if system initialization fails, shutdown fails, or aborts fail.