From Application Server Security Requirements Guide
Part of SRG-APP-000225-AS-000166
Associated with: CCI-001190
Fail-secure is a condition achieved by the application server in order to ensure that in the event of an operational failure, the system does not enter into an unsecure state where intended security properties no longer hold. Preserving information system state information also facilitates system restart and return to the operational mode of the organization with less disruption of mission-essential processes.
Review application server documentation and configuration to determine if the application server fails to a secure state if system initialization fails, shutdown fails, or aborts fail. If the application server cannot be configured to fail securely, this is a finding.
Configure the application server to fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Lavender hyperlinks in small type off to the right (of CSS
id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header
Powered by sagemincer