CUI

STIG Rule - V-206406

V-206406

SV-206406r961122_rule

CAT II

The web server must provide a clustering capability.

From: Web Server Security Requirements Guide (V4R4)

Description

The web server may host applications that display information that cannot be disrupted, such as information that is time-critical or life-threatening. In these cases, a web server that shuts down or ceases to be accessible when there is a failure is not acceptable. In these types of cases, clustering of web servers is used. Clustering of multiple web servers is a common approach to providing fail-safe application availability. To assure application availability, the web server must provide clustering or some form of failover functionality.

Documentable: false

Check Procedure

Review the web server documentation, deployed configuration, and risk analysis documentation to verify that the web server is configured to provide clustering functionality, if the web server is a high-availability web server. If the web server is not a high-availability web server, this finding is NA. If the web server is not configured to provide clustering or some form of failover functionality and the web server is a high-availability server, this is a finding.

Fix Text

Configure the web server to provide application failover, or participate in a web cluster that provides failover for high-availability web servers.

CCI Reference

CCI-001190
Created
2026-04-07 20:08:40
Last Updated
2026-04-07 20:08:40