Automation Controller must be configured to fail over to another system in the event of log subsystem failure.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-256902	APAS-AT-000032	SV-256902r902276_rule		Medium

Description
Automation Controller hosts must be capable of failing over to another Automation Controller host which can handle application and logging functions upon detection of an application log processing failure. This will allow continual operation of the application and logging functions while minimizing the loss of operation for the users and loss of log data. Satisfies: SRG-APP-000109-AS-000070, SRG-APP-000225-AS-000154, SRG-APP-000435-AS-000069

Description

Automation Controller hosts must be capable of failing over to another Automation Controller host which can handle application and logging functions upon detection of an application log processing failure. This will allow continual operation of the application and logging functions while minimizing the loss of operation for the users and loss of log data. Satisfies: SRG-APP-000109-AS-000070, SRG-APP-000225-AS-000154, SRG-APP-000435-AS-000069

STIG	Date
Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide	2023-08-29

Details

Check Text ( C-60577r902274_chk )
The Administrator must check the Automation Controller is deployed in an HA configuration. Administrator must check Automation Controller host via the REST API at api/v2/ping/ HA field for HA configuration. If this field is not true, indicating Automation Controller is in an HA configuration, this is a finding.

Fix Text (F-60519r902275_fix)
If Automation Controller is not in an HA configuration, the administrator must reinstall Automation Controller.