STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must provide a clustering capability.

DISA Rule

SV-204768r508029_rule

Vulnerability Number

V-204768

Group Title

SRG-APP-000225

Rule Version

SRG-APP-000225-AS-000154

Severity

CAT II

CCI(s)

• CCI-001190 - The information system fails to an organization-defined known-state for organization-defined types of failures.

Weight

10

Fix Recommendation

This requirement is dependent upon system MAC and confidentiality.

If the system MAC and confidentiality levels do not specify redundancy requirements, this requirement is NA.

Configure the application server to provide application failover or participate in an application cluster which provides failover.

Check Contents

This requirement is dependent upon system MAC and confidentiality.

If the system MAC and confidentiality levels do not specify redundancy requirements, this requirement is NA.

Review the application server configuration and documentation to ensure the application server is configured to provide clustering functionality.

If the application server is not configured to provide clustering or some form of failover functionality, this is a finding.

Vulnerability Number

V-204768

Documentable

False

Rule Version

SRG-APP-000225-AS-000154

Severity Override Guidance

This requirement is dependent upon system MAC and confidentiality.

If the system MAC and confidentiality levels do not specify redundancy requirements, this requirement is NA.

Review the application server configuration and documentation to ensure the application server is configured to provide clustering functionality.

If the application server is not configured to provide clustering or some form of failover functionality, this is a finding.

Check Content Reference

M

Target Key

2900

Comments