Check: SRG-APP-000225-WSR-000141
Web Server SRG: SRG-APP-000225-WSR-000141 (in versions v4 r2 through v2 r2)
Title
The web server must provide a clustering capability. (Cat II impact)
Discussion
The web server may host applications that display information that cannot be disrupted, such as information that is time-critical or life-threatening. In these cases, a web server that shuts down or ceases to be accessible when there is a failure is not acceptable. In these types of cases, clustering of web servers is used. Clustering of multiple web servers is a common approach to providing fail-safe application availability. To assure application availability, the web server must provide clustering or some form of failover functionality.
Check Content
Review the web server documentation, deployed configuration, and risk analysis documentation to verify that the web server is configured to provide clustering functionality, if the web server is a high-availability web server. If the web server is not a high-availability web server, this finding is NA. If the web server is not configured to provide clustering or some form of failover functionality and the web server is a high-availability server, this is a finding.
Fix Text
Configure the web server to provide application failover, or participate in a web cluster that provides failover for high-availability web servers.
Additional Identifiers
Rule ID: SV-206406r961122_rule
Vulnerability ID: V-206406
Group Title: SRG-APP-000225
CCIs
Number | Definition |
---|---|
CCI-001190 | Fail to an organization-defined known-system state for the list of organization-defined types of system failures on organization-defined system components on the indicated components while preserving organization-defined system state information in failure. |
Controls
Number | Title |
---|---|
SC-24 | Fail in Known State |