STIGQter STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server thread pool size must be defined according to application load requirements.

DISA Rule

SV-96103r1_rule

Vulnerability Number

V-81389

Group Title

SRG-APP-000435-AS-000163

Rule Version

WBSP-AS-001590

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Perform loading for your application to determine the required thread pool sizes.

To set thread pool size:
From the admin console >> Servers >> all servers >> [server name] >> Additional Properties >> Select Thread Pools.

Set the thread pool size for each threadpool.

Check Contents

Review System Security Plan documentation.

Identify the application thread pool size requirements defined by system owner.

From the admin console navigate to Servers >> all servers >> [server name] >> ThreadPools.

Verify thread pool size according to specifications in documentation.

If the maximum size for each threadpool is set too large, and not set according to application requirements, this is a finding.

Vulnerability Number

V-81389

Documentable

False

Rule Version

WBSP-AS-001590

Severity Override Guidance

Review System Security Plan documentation.

Identify the application thread pool size requirements defined by system owner.

From the admin console navigate to Servers >> all servers >> [server name] >> ThreadPools.

Verify thread pool size according to specifications in documentation.

If the maximum size for each threadpool is set too large, and not set according to application requirements, this is a finding.

Check Content Reference

M

Target Key

3399

Comments