The Idle Timeout monitor must be enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-13708 | WA000-WI6028 IIS7 | SV-32572r3_rule | Medium |
| Description |
|---|
| The idle time-out attribute controls the amount of time a worker process will remain idle before it shuts down. A worker process is idle if it is not processing requests and no new requests are received. The purpose of this attribute is to conserve system resources; the default value for idle time-out is 20 minutes. By default, the World Wide Web (WWW) service establishes an overlapped recycle, in which the worker process to be shut down is kept running until after a new worker process is started. |
| STIG | Date |
|---|---|
| IIS 7.0 Site STIG | 2019-05-15 |
Details
| Check Text ( C-32857r2_chk ) |
|---|
| 1. Open the IIS Manager. 2. Click the Application Pools. 3. Highlight an Application Pool to review and click Advanced Settings in the Actions Pane. 4. Scroll down to the Process Model section and ensure the value for Idle Time out is set to 20. If not, this is a finding. NOTE: If the site has operational reasons to set Idle Time out to an alternate value, and has supporting documentation signed by the ISSO, this is not a finding. |
| Fix Text (F-28992r1_fix) |
|---|
| 1. Open the IIS Manager. 2. Click the Application Pools. 3. Highlight an Application Pool to review and click Advanced Settings in the Actions Pane. 4. Scroll down to the Process Model section and set the value for Idle Time-out to 20. |