Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide
SRG-APP-000001-AS-000001
Automation Controller must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.
An XCCDF Rule
Medium Severity
Application management includes the ability to control the number of sessions that utilize an application by all accounts and/or account types. Limiting the number of allowed sessions is helpful in limiting risks related to denial-of-service attacks. Automation Controllers host and expose business logic and application processes. Automation Controller limits the maximum number of concurrent sessions in a manner that affects the entire application server or on an individual application basis. The settings must follow DOD-recommended values, but the settings should be configurable to allow for future DOD direction. While the DOD will specify recommended values, the values can be adjusted to accommodate the operational requirement of a given system.

Satisfies: SRG-APP-000001-AS-000001, SRG-APP-000295-AS-000263

Documentable: false