Free DISA STIG and SRG Library | Vaulted

V-57553

The application server must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.

Finding ID: SRG-APP-000225-AS-000166
Rule ID: SV-71829r2_rule
Severity: Cat II
CCE: (None)
Group Title: SRG-APP-000225-AS-000166
CCI: CCI-001190
Target Key: (None)
Documentable: No

Discussion

Fail-secure is a condition achieved by the application server in order to ensure that in the event of an operational failure, the system does not enter into an unsecure state where intended security properties no longer hold. Preserving information system state information also facilitates system restart and return to the operational mode of the organization with less disruption of mission-essential processes.

Fix Text

Configure the application server to fail to a secure state if system initialization fails, shutdown fails, or aborts fail.

Check Content

Review application server documentation and configuration to determine if the application server fails to a secure state if system initialization fails, shutdown fails, or aborts fail. If the application server cannot be configured to fail securely, this is a finding.