STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020

The web service design must include redundancy mechanisms when used with high-availability systems.

DISA Rule

SV-222595r508029_rule

Vulnerability Number

V-222595

Group Title

SRG-APP-000247

Rule Version

APSC-DV-002410

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Build the application to address issues that are found in a redundant environment and utilize redundancy mechanisms to provide high availability.

Check Contents

Interview the application administrator and review the system documentation to determine if the application has been designated as a high availability system and if the application is designed to operate in a high availability environment.

If the application has not been designated as a high availability system, this requirement is not applicable.

Review the application architecture documentation and identify solutions that provide application DoS protections.

Verify the application has been built to work in a clustered or otherwise high availability environment in accordance with documented availability requirements.

This includes:

- load balancers
- redundant systems such as multiple web servers, application servers or DB servers
- high bandwidth or redundant data circuits
- multiple data centers (geographic dispersal)
- server clusters

If the application has been designated as high availability but the architecture is not built to high availability standards, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

4093
