STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Omnissa WS1 UEM API Security Technical Implementation Guide

V-284197

CAT II (Medium)

The Omnissa WS1 UEM API must employ throttling.

Rule ID

SV-284197r1223938_rule

STIG

Omnissa WS1 UEM API Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001095

Discussion

The API must employ throttling to limit the effects of information flooding types of denial-of-service (DoS) attacks. DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. In the case of application DoS attacks, care must be taken when designing the application to ensure the application makes the best use of system resources. SQL queries have the potential to consume large amounts of CPU cycles if they are not tuned for optimal performance. Web services containing complex calculations requiring large amounts of time to complete can bog down if too many requests for the service are encountered within a short period of time. The methods employed to meet this requirement will vary depending upon the technology the application uses. However, a variety of technologies exist to limit or, in some cases, eliminate the effects of application-related DoS attacks. Employing increased capacity and bandwidth combined with specialized application layer protection devices and service redundancy may reduce the susceptibility to some DoS attacks.

Check Content

Verify WS1 UEM REST API server bandwidth throttling has been configured. Specific configuration settings should be based on the site operational environment. 
 
1. Log in to the WS1 UEM console. 
2. Navigate to Groups & Settings >> All Settings >> System >> Advanced >> API >> REST API >> User tab. 
3. Verify the server throttling has been set based on the site operational environment.  
 
Note: The User tab may not be viewable if the WS1 UEM organizational group instance does not have permission to access configuration settings available on the User tab. In this case, have the system administrator (SA) of the top organizational group confirm throttling has been set. 
 
If WS1 UEM REST API server bandwidth throttling has not been configured, this is a finding.

Fix Text

Implement WS1 UEM REST API server bandwidth throttling using the following procedures: 
 
1. Log in to the WS1 UEM console. 
2. Navigate to Groups & Settings >> All Settings >> System >> Advanced >> API >> REST API >> User tab. 
3. Set the server throttling based on the site operational environment.  
 
Note: The User tab may not be viewable if the WS1 UEM organizational group instance does not have permission to access configuration settings available on the User tab. In this case, have the SA of the top organizational group configure the throttling setting.