STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Application Server Security Requirements Guide

V-204769

CAT II (Medium)

The application server must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.

Rule ID

SV-204769r961122_rule

STIG

Application Server Security Requirements Guide

Version

V4R4

CCIs

CCI-001190

Discussion

Fail-secure is a condition achieved by the application server in order to ensure that in the event of an operational failure, the system does not enter into an unsecure state where intended security properties no longer hold. Preserving information system state information also facilitates system restart and return to the operational mode of the organization with less disruption of mission-essential processes.

Check Content

Review application server documentation and configuration to determine if the application server fails to a secure state if system initialization fails, shutdown fails, or aborts fail.

If the application server cannot be configured to fail securely, this is a finding.

Fix Text

Configure the application server to fail to a secure state if system initialization fails, shutdown fails, or aborts fail.