Skip to content
ATO Pathways
  Log In

CCI-001190

Fail to an organization-defined known-system state for the following failures on the indicated components while preserving organization-defined system state information in failure.

Logo
4

Rule

Severity: Medium
The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.
Logo
4

Rule

Severity: Medium
The Apache web server must augment re-creation to a stable and known baseline.
Logo
2

Rule

Severity: Medium
The Apache web server must be configured to provide clustering.
Logo
2

Rule

Severity: Medium
The ALG must fail to a secure state upon failure of initialization, shutdown, or abort actions.
Logo
2

Rule

Severity: Medium
The application server must be capable of reverting to the last known good configuration in the event of failed installations and upgrades.
Logo
2

Rule

Severity: Medium
The application server must be configured to perform complete application deployments.
Logo
2

Rule

Severity: Medium
The application server must provide a clustering capability.
Logo
2

Rule

Severity: Medium
The application server must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Logo
2

Rule

Severity: High
The application must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Logo
2

Rule

Severity: Low
IDMS executing in a local mode batch environment must be able to manually recover or restore database areas affected by failed transactions.
Logo
2

Rule

Severity: Medium
The DNS server implementation must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Logo
2

Rule

Severity: Medium
The firewall must fail to a secure state upon the failure of the following: system initialization, shutdown, or system abort.
Logo
1

Rule

Severity: Medium
The FortiGate firewall must fail to a secure state if the firewall filtering functions fail unexpectedly.
Logo
1

Rule

Severity: Medium
The MQ Appliance messaging server must provide a clustering capability.
Logo
1

Rule

Severity: Low
The WebSphere Application Server must be configured to perform complete application deployments when using A/B clusters.
Logo
1

Rule

Severity: Low
The WebSphere Application servers with an RMF categorization of high must be in a high-availability (HA) cluster.
Logo
2

Rule

Severity: Medium
The IDPS must fail to a secure state which maintains access control mechanisms when the IDPS hardware, software, or firmware fails on initialization/shutdown or experiences a sudden abort during normal operation.
Logo
2

Rule

Severity: Medium
The Mainframe Product must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Logo
1

Rule

Severity: Medium
Oracle WebLogic must be configured to perform complete application deployments.
Logo
2

Rule

Severity: Medium
The router must be configured to stop forwarding traffic upon the failure of the following actions: system initialization, shutdown, or system abort.
Logo
1

Rule

Severity: Medium
Symantec ProxySG must fail to a secure state upon failure of initialization, shutdown, or abort actions.
Logo
2

Rule

Severity: Medium
The TPS must fail to a secure state which maintains access control mechanisms when the IDPS hardware, software, or firmware fails on initialization/shutdown or experiences a sudden abort during normal operation (also known as "Fail closed").
Logo
2

Rule

Severity: Medium
The UEM server must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Logo
1

Rule

Severity: Low
The NSX-T Distributed Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).
Logo
2

Rule

Severity: Medium
The NSX-T Tier-1 Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).
Logo
2

Rule

Severity: Medium
The VPN Gateway must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Logo
2

Rule

Severity: Medium
Clusters must operate on a trusted network.
Logo
1

Rule

Severity: Medium
Kernel core dumps must be disabled unless needed.
Logo
2

Rule

Severity: Medium
The Ubuntu operating system must disable kernel core dumps so that it can fail to a secure state if system initialization fails, shutdown fails or aborts fail.
Logo
2

Rule

Severity: Medium
The container platform runtime must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Logo
2

Rule

Severity: Medium
The DBMS must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Logo
2

Rule

Severity: Medium
The operating system must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Logo
2

Rule

Severity: Medium
CA-TSS DOWN Control Option values must be properly specified.
Logo
2

Rule

Severity: Medium
MariaDB must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Logo
2

Rule

Severity: Medium
MongoDB must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Logo
2

Rule

Severity: Medium
The IIS 10.0 web server must augment re-creation to a stable and known baseline.
Logo
1

Rule

Severity: Medium
Windows Defender Firewall with Advanced Security local firewall rules must not be merged with Group Policy settings when connected to a public network.
Logo
1

Rule

Severity: Medium
Windows Defender Firewall with Advanced Security local connection rules must not be merged with Group Policy settings when connected to a public network.
Logo
2

Rule

Severity: Medium
Automation Controller must be configured to fail over to another system in the event of log subsystem failure.
Logo
2

Rule

Severity: Medium
Redis Enterprise DBMS must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Logo
2

Rule

Severity: Medium
The VMM must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Logo
1

Rule

Severity: Medium
Performance Charts must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.
Logo
1

Rule

Severity: Medium
ESX Agent Manager must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.
Logo
1

Rule

Severity: Medium
Lookup Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.
Logo
1

Rule

Severity: Medium
The Security Token Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.
Logo
3

Rule

Severity: Medium
The vCenter ESX Agent Manager service must be configured to fail to a known safe state if system initialization fails.
Logo
3

Rule

Severity: Medium
The vCenter Lookup service must be configured to fail to a known safe state if system initialization fails.
Logo
1

Rule

Severity: Medium
vSphere UI must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.
Logo
3

Rule

Severity: Medium
The vCenter Perfcharts service must be configured to fail to a known safe state if system initialization fails.
Logo
3

Rule

Severity: Medium
The vCenter STS service must be configured to fail to a known safe state if system initialization fails.
Logo
3

Rule

Severity: Medium
The vCenter UI service must be configured to fail to a known safe state if system initialization fails.
Logo
2

Rule

Severity: Medium
The web server must augment re-creation to a stable and known baseline.
Logo
2

Rule

Severity: Medium
The web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.
Logo
2

Rule

Severity: Medium
The web server must provide a clustering capability.
Logo
1

Rule

Severity: Medium
Ubuntu 22.04 LTS must disable kernel core dumps so that it can fail to a secure state if system initialization fails, shutdown fails or aborts fail.
Logo
1

Rule

Severity: Medium
The Enterprise Voice, Video, and Messaging Session Manager must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Logo
1

Rule

Severity: Medium
The NSX Distributed Firewall must deny network communications traffic by default and allow network communications traffic by exception.
Logo
1

Rule

Severity: Medium
The NSX Tier-0 Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception.
Logo
1

Rule

Severity: Medium
The NSX Tier-1 Gateway firewall must deny network communications traffic by default and allow network communications traffic by exception.

Patternfly

PatternFly elements

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules