STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

The web server must provide a clustering capability.

DISA Rule

SV-54389r3_rule

Vulnerability Number

V-41812

Group Title

SRG-APP-000225-WSR-000141

Rule Version

SRG-APP-000225-WSR-000141

Severity

CAT II

CCI(s)

• CCI-001190 - The information system fails to an organization-defined known-state for organization-defined types of failures.

Weight

10

Fix Recommendation

Configure the web server to provide application failover, or participate in a web cluster that provides failover for high-availability web servers.

Check Contents

Review the web server documentation, deployed configuration, and risk analysis documentation to verify that the web server is configured to provide clustering functionality, if the web server is a high-availability web server.

If the web server is not a high-availability web server, this finding is NA.

If the web server is not configured to provide clustering or some form of failover functionality and the web server is a high-availability server, this is a finding.

Vulnerability Number

V-41812

Documentable

False

Rule Version

SRG-APP-000225-WSR-000141

Severity Override Guidance

Review the web server documentation, deployed configuration, and risk analysis documentation to verify that the web server is configured to provide clustering functionality, if the web server is a high-availability web server.

If the web server is not a high-availability web server, this finding is NA.

If the web server is not configured to provide clustering or some form of failover functionality and the web server is a high-availability server, this is a finding.

Check Content Reference

M

Target Key

2557

Comments