STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← SC-24 — Fail in Known State

CCI-001190

Definition

Fail to an organization-defined known-system state for the list of organization-defined types of system failures on organization-defined system components on the indicated components while preserving organization-defined system state information in failure.

Parent Control

SC-24Fail in Known StateSystem and Communications Protection

Linked STIG Checks (81)

V-279069CAT IIColdFusion systems must provide clustering.Adobe ColdFusion Security Technical Implementation Guide V-214254CAT IIThe Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.Apache Server 2.4 UNIX Server Security Technical Implementation Guide V-214289CAT IIThe Apache web server must augment re-creation to a stable and known baseline.Apache Server 2.4 UNIX Site Security Technical Implementation Guide V-214336CAT IIThe Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.Apache Server 2.4 Windows Server Security Technical Implementation Guide V-214380CAT IIThe Apache web server must augment re-creation to a stable and known baseline.Apache Server 2.4 Windows Site Security Technical Implementation Guide V-222974CAT IIClusters must operate on a trusted network.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-204961CAT IIThe ALG must fail to a secure state upon failure of initialization, shutdown, or abort actions.Application Layer Gateway Security Requirements Guide V-222585CAT IThe application must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.Application Security and Development Security Technical Implementation Guide V-204742CAT IIThe application server must be capable of reverting to the last known good configuration in the event of failed installations and upgrades.Application Server Security Requirements Guide V-204767CAT IIThe application server must be configured to perform complete application deployments.Application Server Security Requirements Guide V-204768CAT IIThe application server must provide a clustering capability.Application Server Security Requirements Guide V-204769CAT IIThe application server must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.Application Server Security Requirements Guide V-251616CAT IIIIDMS executing in a local mode batch environment must be able to manually recover or restore database areas affected by failed transactions.CA IDMS Security Technical Implementation Guide V-219335CAT IIKernel core dumps must be disabled unless needed.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238334CAT IIThe Ubuntu operating system must disable kernel core dumps so that it can fail to a secure state if system initialization fails, shutdown fails or aborts fail.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260473CAT IIUbuntu 22.04 LTS must disable kernel core dumps so that it can fail to a secure state if system initialization fails, shutdown fails or aborts fail.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270746CAT IIUbuntu 24.04 LTS must disable kernel core dumps.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-233122CAT IIThe container platform runtime must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.Container Platform Security Requirements Guide V-206568CAT IIThe DBMS must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.Database Security Requirements Guide V-205185CAT IIThe DNS server implementation must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.Domain Name System (DNS) Security Requirements Guide V-260017CAT IIThe Enterprise Voice, Video, and Messaging Session Manager must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide V-206696CAT IIThe firewall must fail to a secure state upon the failure of the following: system initialization, shutdown, or system abort.Firewall Security Requirements Guide V-234148CAT IIThe FortiGate firewall must fail to a secure state if the firewall filtering functions fail unexpectedly.Fortinet FortiGate Firewall Security Technical Implementation Guide V-203660CAT IIThe operating system must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.General Purpose Operating System Security Requirements Guide V-255813CAT IIThe MQ Appliance messaging server must provide a clustering capability.IBM MQ Appliance V9.0 AS Security Technical Implementation Guide V-255881CAT IIIThe WebSphere Application Server must be configured to perform complete application deployments when using A/B clusters.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-255882CAT IIIThe WebSphere Application servers with an RMF categorization of high must be in a high-availability (HA) cluster.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-223956CAT IICA-TSS DOWN Control Option values must be properly specified.IBM z/OS TSS Security Technical Implementation Guide V-34749CAT IIThe IDPS must fail to a secure state which maintains access control mechanisms when the IDPS hardware, software, or firmware fails on initialization/shutdown or experiences a sudden abort during normal operation. Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide V-206884CAT IIThe IDPS must fail to a secure state which maintains access control mechanisms when the IDPS hardware, software, or firmware fails on initialization/shutdown or experiences a sudden abort during normal operation.Intrusion Detection and Prevention Systems Security Requirements Guide V-205518CAT IIThe Mainframe Product must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.Mainframe Product Security Requirements Guide V-253708CAT IIMariaDB must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.MariaDB Enterprise 10.x Security Technical Implementation Guide V-218806CAT IIThe IIS 10.0 web server must augment re-creation to a stable and known baseline.Microsoft IIS 10.0 Server Security Technical Implementation Guide V-242004CAT IIWindows Defender Firewall with Advanced Security local firewall rules must not be merged with Group Policy settings when connected to a public network.Microsoft Windows Defender Firewall with Advanced Security Security Technical Implementation Guide V-242005CAT IIWindows Defender Firewall with Advanced Security local connection rules must not be merged with Group Policy settings when connected to a public network.Microsoft Windows Defender Firewall with Advanced Security Security Technical Implementation Guide V-221177CAT IIMongoDB must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide V-252141CAT IIMongoDB must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-235986CAT IIOracle WebLogic must be configured to perform complete application deployments.Oracle WebLogic Server 12c Security Technical Implementation Guide V-251240CAT IIRedis Enterprise DBMS must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.Redis Enterprise 6.x Security Technical Implementation Guide V-275568CAT IIUbuntu OS must disable kernel core dumps.Riverbed NetIM OS Security Technical Implementation Guide V-207146CAT IIThe router must be configured to stop forwarding traffic upon the failure of the following actions: system initialization, shutdown, or system abort.Router Security Requirements Guide V-94315CAT IISymantec ProxySG must fail to a secure state upon failure of initialization, shutdown, or abort actions.Symantec ProxySG ALG Security Technical Implementation Guide V-242191CAT IIThe TPS must fail to a secure state which maintains access control mechanisms when the IDPS hardware, software, or firmware fails on initialization/shutdown or experiences a sudden abort during normal operation (also known as "Fail closed").Trend Micro TippingPoint IDPS Security Technical Implementation Guide V-234409CAT IIThe UEM server must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.Unified Endpoint Management Server Security Requirements Guide V-240067CAT IIThe HAProxy baseline must be documented and maintained.VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide V-240068CAT IIHAProxy must be configured to validate the configuration files during start and restart events.VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide V-239847CAT IIThe vRealize Automation server must be configured to perform complete application deployments.VMware Automation 7.x Application Security Technical Implementation Guide V-265619CAT IIThe NSX Distributed Firewall must deny network communications traffic by default and allow network communications traffic by exception.VMware NSX 4.x Distributed Firewall Security Technical Implementation Guide V-265368CAT IIThe NSX Tier-0 Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception.VMware NSX 4.x Tier-0 Gateway Firewall Security Technical Implementation Guide V-265494CAT IIThe NSX Tier-1 Gateway firewall must deny network communications traffic by default and allow network communications traffic by exception.VMware NSX 4.x Tier-1 Gateway Firewall Security Technical Implementation Guide V-251729CAT IIIThe NSX-T Distributed Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).VMware NSX-T Distributed Firewall Security Technical Implementation Guide V-251765CAT IIThe NSX-T Tier-1 Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).VMware NSX-T Tier 1 Gateway Firewall Security Technical Implementation Guide V-251740CAT IIThe NSX-T Tier-1 Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).VMware NSX-T Tier-0 Gateway Firewall Security Technical Implementation Guide V-240253CAT IIThe Lighttpd baseline must be maintained.VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide V-240814CAT IItc Server ALL baseline must be documented and maintained.VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide V-240815CAT IItc Server HORIZON must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide V-240816CAT IItc Server VCO must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide V-240817CAT IItc Server VCAC must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide V-240946CAT IIThe vAMI installation procedures must be part of a complete vRealize Automation deployment.VMware vRealize Automation 7.x vAMI Security Technical Implementation Guide V-240947CAT IIThe vAMI must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.VMware vRealize Automation 7.x vAMI Security Technical Implementation Guide V-240972CAT IIvIDM must be configured to provide clustering.VMware vRealize Automation 7.x vIDM Security Technical Implementation Guide V-239842CAT IIThe vRealize Operations server must be configured to perform complete application deployments.VMware vRealize Operations Manager 6.x Application Security Technical Implementation Guide V-241669CAT IItc Server ALL baseline must be documented and maintained.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide V-241670CAT IItc Server UI must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide V-241671CAT IItc Server CaSa must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide V-241672CAT IItc Server API must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide V-256690CAT IIESX Agent Manager must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.VMware vSphere 7.0 vCenter Appliance EAM Security Technical Implementation Guide V-256723CAT IILookup Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.VMware vSphere 7.0 vCenter Appliance Lookup Service Security Technical Implementation Guide V-256628CAT IIPerformance Charts must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.VMware vSphere 7.0 vCenter Appliance Perfcharts Security Technical Implementation Guide V-256762CAT IIThe Security Token Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide V-256796CAT IIvSphere UI must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.VMware vSphere 7.0 vCenter Appliance UI Security Technical Implementation Guide V-259012CAT IIThe vCenter ESX Agent Manager service must be configured to fail to a known safe state if system initialization fails.VMware vSphere 8.0 vCenter Appliance ESX Agent Manager (EAM) Security Technical Implementation Guide V-259046CAT IIThe vCenter Lookup service must be configured to fail to a known safe state if system initialization fails.VMware vSphere 8.0 vCenter Appliance Lookup Service Security Technical Implementation Guide V-259080CAT IIThe vCenter Perfcharts service must be configured to fail to a known safe state if system initialization fails.VMware vSphere 8.0 vCenter Appliance Perfcharts Security Technical Implementation Guide V-258980CAT IIThe vCenter STS service must be configured to fail to a known safe state if system initialization fails.VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide V-259113CAT IIThe vCenter UI service must be configured to fail to a known safe state if system initialization fails.VMware vSphere 8.0 vCenter Appliance User Interface (UI) Security Technical Implementation Guide V-207406CAT IIThe VMM must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.Virtual Machine Manager Security Requirements Guide V-207227CAT IIThe VPN Gateway must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.Virtual Private Network (VPN) Security Requirements Guide V-206404CAT IIThe web server must augment re-creation to a stable and known baseline.Web Server Security Requirements Guide V-206405CAT IIThe web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.Web Server Security Requirements Guide V-206406CAT IIThe web server must provide a clustering capability.Web Server Security Requirements Guide