The application server must limit the use of resources by priority and not impede the host from servicing processes designated as a higher-priority.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35435	SRG-APP-000248-AS-000164	SV-46722r1_rule		Medium

Description
Priority protection helps the application server prevent a lower-priority application process from delaying or interfering with any higher-priority application processes. If the application server is not capable of managing application resource requests, the AS could become overwhelmed by a high volume of low priority resource requests which can cause an availability issue. This requirement only applies to Mission Assurance Category 1 systems and does not apply to information systems with a Mission Assurance Category of 2 or 3.

Description

Priority protection helps the application server prevent a lower-priority application process from delaying or interfering with any higher-priority application processes. If the application server is not capable of managing application resource requests, the AS could become overwhelmed by a high volume of low priority resource requests which can cause an availability issue. This requirement only applies to Mission Assurance Category 1 systems and does not apply to information systems with a Mission Assurance Category of 2 or 3.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43789r1_chk )
Review AS documentation to determine if the AS can assign a priority level or otherwise allocate application resource requests. This is sometimes referred to as workload management. If the AS cannot meet this requirement, this is a finding.

Fix Text (F-39979r1_fix)
Configure the AS to prioritize application resource requirements.