Detections
Analytics

CIS IIS 10 v1.2.0 Level 1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS IIS 10 v1.2.0 Level 1

Updated: 6/17/2024

Authority: CIS

Plugin: Windows

Revision: 1.4

Estimated Item Count: 61

File Details

Filename: CIS_MS_IIS_10_v1.2.0_Level_1.audit

Size: 201 kB

MD5: bfa4ffb2388461223579108236a96b56
SHA256: 457dcebebe393cd3c984bd67746a1851db83b70892b1b9de82b0e2e919ac3e76

Audit Items

DescriptionCategories
1.1 Ensure 'Web content' is on non-system partition
1.2 Ensure 'Host headers' are on all sites - host headers are on all sites
1.3 Ensure 'Directory browsing' is set to Disabled - directory browsing is set to disabled
1.4 Ensure 'application pool identity' is configured for all application pools
1.5 Ensure 'unique application pools' is set for sites
1.6 Ensure 'application pool identity' is configured for anonymous user identity
1.7 Ensure' WebDav' feature is disabled
2.1 Ensure 'global authorization rule' is set to restrict access
2.2 Ensure access to sensitive site features is restricted to authenticated principals only
2.3 Ensure 'forms authentication' require SSL - Applications
2.3 Ensure 'forms authentication' require SSL - Default
2.5 Ensure 'cookie protection mode' is configured for forms authentication - Applications
2.5 Ensure 'cookie protection mode' is configured for forms authentication - Default
2.6 Ensure transport layer security for 'basic authentication' is configured
2.7 Ensure 'passwordFormat' is not set to clear - Applications
2.7 Ensure 'passwordFormat' is not set to clear - Default
3.1 Ensure 'deployment method retail' is set
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Applications
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Default
3.7 Ensure 'cookies' are set with HttpOnly attribute - Applications
3.7 Ensure 'cookies' are set with HttpOnly attribute - Default
3.9 Ensure 'MachineKey validation method - .Net 4.5' is configured - Applications
3.9 Ensure 'MachineKey validation method - .Net 4.5' is configured - Default
3.10 Ensure global .NET trust level is configured - Applications
3.10 Ensure global .NET trust level is configured - Default
4.5 Ensure Double-Encoded requests will be rejected - Applications
4.5 Ensure Double-Encoded requests will be rejected - Default
4.6 Ensure 'HTTP Trace Method' is disabled - Applications
4.6 Ensure 'HTTP Trace Method' is disabled - Default
4.7 Ensure Unlisted File Extensions are not allowed - Applications
4.7 Ensure Unlisted File Extensions are not allowed - Default
4.8 Ensure Handler is not granted Write and Script/Execute - Applications
4.8 Ensure Handler is not granted Write and Script/Execute - Default
4.9 Ensure 'notListedIsapisAllowed' is set to false
4.10 Ensure 'notListedCgisAllowed' is set to false
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Concurrent Requests
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - maxConcurrentRequests
5.1 Ensure Default IIS web log location is moved
5.2 Ensure Advanced IIS logging is enabled
5.3 Ensure 'ETW Logging' is enabled
5.3 Ensure 'ETW Logging' is enabled - Sites logFormat W3C
5.3 Ensure 'ETW Logging' is enabled - Sites logFormat W3C with ETW target
6.1 Ensure FTP requests are encrypted - Control Channel Default
6.1 Ensure FTP requests are encrypted - Control Channel Sites
6.1 Ensure FTP requests are encrypted - Data Channel Default
6.1 Ensure FTP requests are encrypted - Data Channel Sites
6.2 Ensure FTP Logon attempt restrictions is enabled
7.2 Ensure SSLv2 is Disabled
7.3 Ensure SSLv3 is Disabled
7.4 Ensure TLS 1.0 is Disabled