STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must shut down by default upon log failure (unless availability is an overriding concern).

DISA Rule

SV-204729r508029_rule

Vulnerability Number

V-204729

Group Title

SRG-APP-000109

Rule Version

SRG-APP-000109-AS-000068

Severity

CAT II

CCI(s)

• CCI-000140 - The information system takes organization-defined actions upon audit failure (e.g., shut down information system, overwrite oldest audit records, stop generating audit records).

Weight

10

Fix Recommendation

If the application server is a high availability system, this finding is NA.

Configure the application server to shut down on a log failure.

Check Contents

If the application server is a high availability system, this finding is NA.

Review the application server configuration settings to determine if the application server is configured to shut down on a log failure.

If the application server is not configured to shut down on a log failure, this is a finding.

Vulnerability Number

V-204729

Documentable

False

Rule Version

SRG-APP-000109-AS-000068

Severity Override Guidance

If the application server is a high availability system, this finding is NA.

Review the application server configuration settings to determine if the application server is configured to shut down on a log failure.

If the application server is not configured to shut down on a log failure, this is a finding.

Check Content Reference

M

Target Key

2900

Comments