The vAMI installation procedures must be part of a complete vRealize Automation deployment.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-90235	VRAU-VA-000310	SV-100885r1_rule		Medium

Description
Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. When an application is deployed to the vAMI, if the deployment process does not complete properly and without errors, there is the potential that some application files may not be deployed or may be corrupted and an application error may occur during runtime. The vAMI must be able to perform complete application deployments. A partial deployment can leave the server in an inconsistent state. Application servers may provide a transaction rollback function to address this issue.

Description

Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. When an application is deployed to the vAMI, if the deployment process does not complete properly and without errors, there is the potential that some application files may not be deployed or may be corrupted and an application error may occur during runtime. The vAMI must be able to perform complete application deployments. A partial deployment can leave the server in an inconsistent state. Application servers may provide a transaction rollback function to address this issue.

STIG	Date
VMW vRealize Automation 7.x vAMI Security Technical Implementation Guide	2018-10-12

Details

Check Text ( C-89927r1_chk )
Interview the ISSO and/or the SA. Determine if the vAMI was installed separately from a full installation of vRealize Automation. If the vAMI was installed independently of a full vRA installation, this is a finding.

Fix Text (F-96977r1_fix)
Reinstall the vRealize Automation instance as a complete package.