Details
The idle time-out attribute controls the amount of time a worker process will remain idle before it shuts down. A worker process is idle if it is not processing requests and no new requests are received.
The purpose of this attribute is to conserve system resources; the default value for idle time-out is 20 minutes.
By default, the World Wide Web (WWW) service establishes an overlapped recycle, in which the worker process to be shut down is kept running until after a new worker process is started.
Solution
Follow the procedures below for each site hosted on the IIS 10.0 web server:
Open the IIS 10.0 Manager.
Click the Application Pools.
Highlight an Application Pool to review and click ‘Advanced Settings’ in the ‘Actions’ pane.
Scroll down to the ‘Process Model’ section and set the value for ‘Idle Time-out’ to something other than ‘0’. ’20’ or less is recommended if the amount of RAM on the system is limited.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.
References
- 800-53|AC-12
- CAT|II
- CCI|CCI-002361
- CSCv6|16.5
- Rule-ID|SV-218762r558649_rule
- STIG-ID|IIST-SI-000235
- STIG-Legacy|SV-109349
- STIG-Legacy|V-100245
- Vuln-ID|V-218762