Check: APSC-DV-003040
Application Security and Development STIG:
APSC-DV-003040
(in versions v5 r3 through v4 r2)
Title
The application must not be hosted on a general purpose machine if the application is designated as critical or high availability by the ISSO. (Cat II impact)
Discussion
Critical applications should not be hosted on a multi-purpose server with other applications. Applications that share resources are susceptible to the security defects of the other applications sharing those resources. Even if the critical application is designed and deployed securely, an application that is not designed and deployed securely can cause resource issues and possibly crash, affecting the critical application.
Check Content
Ask the application representative to review the servers where the application is deployed. Ask what other applications are deployed on those servers. Identify the criticality of the applications installed on the system. If a mission critical application is deployed onto the same server as non-mission critical applications, this is a finding.
Fix Text
Deploy mission critical applications on servers that are not shared by other less critical applications.
Additional Identifiers
Rule ID: SV-222635r879887_rule
Vulnerability ID: V-222635
Group Title: SRG-APP-000516
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
CCI-002828 | The organization identifies critical information system assets supporting essential missions. |