The web server must provide a clustering capability.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-206406	SRG-APP-000225-WSR-000141	SV-206406r961122_rule		Medium

Description

The web server may host applications that display information that cannot be disrupted, such as information that is time-critical or life-threatening. In these cases, a web server that shuts down or ceases to be accessible when there is a failure is not acceptable. In these types of cases, clustering of web servers is used. Clustering of multiple web servers is a common approach to providing fail-safe application availability. To assure application availability, the web server must provide clustering or some form of failover functionality.

STIG	Date
Web Server Security Requirements Guide	2025-02-12

Details

Check Text (C-6667r377810_chk)

Review the web server documentation, deployed configuration, and risk analysis documentation to verify that the web server is configured to provide clustering functionality, if the web server is a high-availability web server.

If the web server is not a high-availability web server, this finding is NA.

If the web server is not configured to provide clustering or some form of failover functionality and the web server is a high-availability server, this is a finding.

Fix Text (F-6667r377811_fix)

Configure the web server to provide application failover, or participate in a web cluster that provides failover for high-availability web servers.