V-222995

CAT II (Medium)

The application server, when categorized as a high availability system within RMF, must be in a high-availability (HA) cluster.

Rule ID

SV-222995r961620_rule

STIG

Apache Tomcat Application Server 9 Security Technical Implementation Guide

Version

V3R4

CCIs

CCI-002385

Discussion

A MAC I system is a system that handles data vital to the organization's operational readiness or effectiveness of deployed or contingency forces. A MAC I system must maintain the highest level of integrity and availability. By HA clustering the application server, the hosted application and data are given a platform that is load-balanced and highly available.

Check Content

This requirement only applies to a system that is categorized as high within the Risk Management Framework (RMF).

Review the System Security Plan (SSP) or other system documentation that specifies the operational uptime requirements and RMF system categorization.

If the system is categorized as high, from the Tomcat server as a privileged user, run the following command:

sudo grep -i -A10 -B2 "Cluster" $CATALINA_BASE/conf/server.xml

If the <Cluster/> element is commented out, or no results are returned, then the system is not clustered and this is a finding.
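
The grep above prints commented-out lines as well as live ones, so the reviewer has to read the output to tell them apart. The following added example (not part of the STIG text) parses server.xml so that only uncommented <Cluster> elements count; the function names and the two sample configurations are constructed for illustration.

```python
import os
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the Cluster element exists only inside an XML comment.
COMMENTED = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>"""

# Constructed sample: the same file with the comment markers removed.
ACTIVE = COMMENTED.replace("<!--", "").replace("-->", "")

def active_clusters(server_xml):
    """Return (parent tag, className) for every live <Cluster> element."""
    root = ET.fromstring(server_xml)  # the default parser drops XML comments
    return [(parent.tag, child.get("className"))
            for parent in root.iter()
            for child in parent
            if child.tag == "Cluster"]

def is_finding(server_xml):
    """True when no uncommented <Cluster> element exists (the finding condition)."""
    return not active_clusters(server_xml)

if __name__ == "__main__":
    base = os.environ.get("CATALINA_BASE")
    if not base:
        sys.exit("CATALINA_BASE is not set")
    with open(os.path.join(base, "conf", "server.xml"), "rb") as fh:
        data = fh.read()
    for parent, cls in active_clusters(data):
        print(f"active <Cluster> under <{parent}>: className={cls}")
    finding = is_finding(data)
    print("FINDING: no active <Cluster> element" if finding else "Cluster element present")
    sys.exit(1 if finding else 0)
```

This confirms only that the element is present and uncommented; whether the cluster members are configured correctly still has to be reviewed against the Tomcat clustering documentation.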

Fix Text

From the Tomcat server as a privileged user, modify the $CATALINA_BASE/conf/server.xml file.

Uncomment the "<Cluster/>" object and configure the system into a cluster as per the Tomcat clustering documentation provided at the Tomcat website.

https://tomcat.apache.org/tomcat-9.0-doc/config/cluster.html