WBSP-AS-000670 - The WebSphere Application Server high availability applications must be configured to fail over in log subsystem failure.

Information

This requirement is dependent upon system MAC and availability. If the system MAC and availability do not specify redundancy requirements, this requirement is NA.

It is critical that, when a system is at risk of failing to process logs as required, it detects and takes action to mitigate the failure.

Application servers must be capable of failing over to another system which can handle application and logging functions upon detection of an application log processing failure. This will allow continual operation of the application and logging functions while minimizing the loss of operation for the users and loss of log data.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

In the admin console, Click Servers >> Clusters >> WebSphere application server clusters.

Define a cluster for every high availability application as outlined in the System Security Plan documentation.

Refer to vendor documentation for steps on creating a fail over cluster.

See Also

http://iasecontent.disa.mil/stigs/zip/U_IBM_WebSphere_Traditional_V9-x_V1R1_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-5b., CAT|III, CCI|CCI-000140, Rule-ID|SV-95965r1_rule, STIG-ID|WBSP-AS-000670, Vuln-ID|V-81251

Plugin: Unix

Control ID: 687055f9ebf8992e19b05413756d4f4be069463e6e0692865f9fd2e3a3798957