We have been tasked with STIGing our 3 server (web, app, beacon server) implementation of FNMS at DHA. Currently, we have 3 open findings for the IIS Site STIGs, which required us to make a modification of the default value to be in compliance.
The 3 findings revolved around the Application Pool Recycling Section for the following:
- Request Limit
- Virtual Memory Limit
- Private Memory Limit
Each of them has a default value of zero, which its consider a finding. The question is, what are the recommended value for this fields to ensure we are in compliance and FNMS works without issues.
I have attached the 3 STIGs with more information.
Jul 30, 2020 07:46 AM
From what I have seen, I don't believe that Flexera has a recommendation for what these three settings should be for the Security Technical Implementation Guides (STIG) that you mentioned. Looking through everything at my disposal, I have not been able to find any recommendations for these settings
Aug 04, 2020 12:00 PM