STIGQter: STIG Summary: Apache Server 2.4 Windows Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.

DISA Rule

SV-214336r505936_rule

Vulnerability Number

V-214336

Group Title

SRG-APP-000225-WSR-000140

Rule Version

AS24-W1-000550

Severity

CAT II

CCI(s)

• CCI-001190 - The information system fails to an organization-defined known-state for organization-defined types of failures.

Weight

10

Fix Recommendation

Prepare documentation for disaster recovery methods for the Apache 2.4 web server in the event of the necessity for rollback.

Document and test the disaster recovery methods designed.

Check Contents

Interview the System Administrator for the Apache 2.4 web server.

Ask for documentation on the disaster recovery methods tested and planned for the Apache 2.4 web server in the event of the necessity for rollback.

If documentation for a disaster recovery has not been established, this is a finding.

Vulnerability Number

V-214336

Documentable

False

Rule Version

AS24-W1-000550

Severity Override Guidance

Interview the System Administrator for the Apache 2.4 web server.

Ask for documentation on the disaster recovery methods tested and planned for the Apache 2.4 web server in the event of the necessity for rollback.

If documentation for a disaster recovery has not been established, this is a finding.

Check Content Reference

M

Target Key

3998

Comments