The application server must reject or delay, as defined by the organization, network traffic generated above configurable traffic volume thresholds.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35575	SRG-APP-000106-AS-NA	SV-46862r1_rule		Medium

Description
It is critical when a system is at risk of failing to process audit logs as required; actions are automatically taken to mitigate the failure or risk of failure. Rejecting or delaying network traffic is not a role that the application server plays. AS functionality is designed for application hosting and does not include threshold management of audit traffic. This requirement is better met by a network traffic QoS solution that can meter and assign priorities to specific types of traffic.

Description

It is critical when a system is at risk of failing to process audit logs as required; actions are automatically taken to mitigate the failure or risk of failure. Rejecting or delaying network traffic is not a role that the application server plays. AS functionality is designed for application hosting and does not include threshold management of audit traffic. This requirement is better met by a network traffic QoS solution that can meter and assign priorities to specific types of traffic.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43915r1_chk )
This requirement is NA for the AS SRG.

Fix Text (F-40116r1_fix)
The requirement is NA. No fix is required.