STIGQter: STIG Summary: ISEC7 Sphere Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The ISEC7 EMM Suite must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.

DISA Rule

SV-224760r505933_rule

Vulnerability Number

V-224760

Group Title

SRG-APP-000001

Rule Version

ISEC-06-000010

Severity

CAT II

CCI(s)

CCI-000054 - The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.

Weight

Fix Recommendation

Log in to the ISEC7 EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Set the maxConnections setting according to organizational guidelines.
Set the maxThreads setting according to organizational guidelines.
Restart the ISEC7 EMM Suite Web service.

Check Contents

Log in to the ISEC7 EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat Settings.
Verify the maxConnections setting is set according to organizational guidelines.
Verify the maxThreads setting is set according to organizational guidelines.

If the maxConnections setting is not set according to organizational guidelines or the maxThreads setting is not set according to organizational guidelines, this is a finding.

Vulnerability Number

V-224760

Documentable

False

Rule Version

ISEC-06-000010

Severity Override Guidance

Check Content Reference

Target Key

4200

The ISEC7 EMM Suite must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments