Nutanix AOS must limit the number of concurrent sessions to 10 for all accounts and/or account types.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-279415 | NXAC-AS-000001 | SV-279415r1191367_rule | CCI-000054 | medium |
| Description | ||||
| Application management includes the ability to control the number of sessions that use an application by all accounts and/or account types. Limiting the number of allowed sessions is helpful in limiting risks related to denial-of-service (DOS) attacks. Application servers host and expose business logic and application processes. The application server must limit the maximum number of concurrent sessions in a manner that affects the entire application server or on an individual application basis. Although there is some latitude concerning the settings themselves, the settings should follow DOD-recommended values, but the settings should be configurable to allow for future DOD direction. While the DOD will specify recommended values, the values can be adjusted to accommodate the operational requirement of a given system. | ||||
| STIG | Date | |||
| Nutanix Acropolis Application Server Security Technical Implementation Guide | 2026-02-24 | |||
Details
Check Text (C-279415r1191367_chk)
Verify DODIN mode is enabled to ensure maximum concurrent session is limited to 10.
1. For AOS, run the following command:
$ ncli cluster get-cvm-security-config
Enable DoDin Additiona... : true
2. For Prism Central, run the following command:
$ ncli cluster get-pcvm-security-config
Enable DoDin Additiona... : true
3. For Files, run the following command:
$ ncli cluster get-afs-security-config
Enable DoDin Additiona... : true
If the value for "Enable DoDin Additional" is not set to "True", this is a finding.
Fix Text (F-83873r1191030_fix)
Set max concurrent connections to 10 by running the following command:
$ configure_dod_mode.sh enter_dod_mode