STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.

DISA Rule

SV-204708r508029_rule

Vulnerability Number

V-204708

Group Title

SRG-APP-000001

Rule Version

SRG-APP-000001-AS-000001

Severity

CAT II

CCI(s)

• CCI-000054 - The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.

Weight

10

Fix Recommendation

Configure the application server to limit the number of concurrent sessions for all accounts and/or account types to the organization-defined number.

Check Contents

Review the application server product documentation and configuration to determine if the number of concurrent sessions can be limited to the organization-defined number of sessions for all accounts and/or account types.

If a feature to limit the number of concurrent sessions is not available, is not set, or is set to unlimited, this is a finding.

Vulnerability Number

V-204708

Documentable

False

Rule Version

SRG-APP-000001-AS-000001

Severity Override Guidance

Review the application server product documentation and configuration to determine if the number of concurrent sessions can be limited to the organization-defined number of sessions for all accounts and/or account types.

If a feature to limit the number of concurrent sessions is not available, is not set, or is set to unlimited, this is a finding.

Check Content Reference

M

Target Key

2900

Comments