Automation Controller must be configured to fail over to another system in the event of log subsystem failure.

STIG ID: APAS-AT-000032  |  SRG: SRG-APP-000109-AS-000070 |  Severity: medium |  CCI: CCI-000140,CCI-001190,CCI-002385 |  Vulnerability Id: V-256902 | 

Vulnerability Discussion

Automation Controller hosts must be capable of failing over to another Automation Controller host which can handle application and logging functions upon detection of an application log processing failure. This will allow continual operation of the application and logging functions while minimizing the loss of operation for the users and loss of log data.

Satisfies: SRG-APP-000109-AS-000070, SRG-APP-000225-AS-000154, SRG-APP-000435-AS-000069

Check

The Administrator must check the Automation Controller is deployed in an HA configuration.

Administrator must check Automation Controller host via the REST API at api/v2/ping/ HA field for HA configuration.

If this field is not true, indicating Automation Controller is in an HA configuration, this is a finding.

Fix

If Automation Controller is not in an HA configuration, the administrator must reinstall Automation Controller.