Detections
Analytics

CIS IIS 10 v1.2.0 Level 2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS IIS 10 v1.2.0 Level 2

Updated: 6/17/2024

Authority: CIS

Plugin: Windows

Revision: 1.3

Estimated Item Count: 30

File Details

Filename: CIS_MS_IIS_10_v1.2.0_Level_2.audit

Size: 107 kB

MD5: f67f355b85482a7ebc2fe28ce26b09dd
SHA256: 25a324985656d65dd1ab49d000fc367f75717a198c4f7d06d9c737c018ab31d9

Audit Items

DescriptionCategories
2.4 Ensure 'forms authentication' is set to use cookies - Application
2.4 Ensure 'forms authentication' is set to use cookies - Default
2.8 Ensure 'credentials' are not stored in configuration files - Applications
2.8 Ensure 'credentials' are not stored in configuration files - Default
3.2 Ensure 'debug' is turned off - Applications
3.2 Ensure 'debug' is turned off - Default
3.3 Ensure custom error messages are not off - Applications
3.3 Ensure custom error messages are not off - Default
3.5 Ensure ASP.NET stack tracing is not enabled - Applications
3.5 Ensure ASP.NET stack tracing is not enabled - Default
3.6 Ensure 'httpcookie' mode is configured for session state - Applications
3.6 Ensure 'httpcookie' mode is configured for session state - Default
3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Applications
3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Default
3.11 Ensure X-Powered-By Header is removed - Applications
3.11 Ensure X-Powered-By Header is removed - Default
3.12 Ensure Server Header is removed - Applications
3.12 Ensure Server Header is removed - Default
4.1 Ensure 'maxAllowedContentLength' is configured - Applications
4.1 Ensure 'maxAllowedContentLength' is configured - Default
4.2 Ensure 'maxURL request filter' is configured - Applications
4.2 Ensure 'maxURL request filter' is configured - Default
4.3 Ensure 'MaxQueryString request filter' is configured - Applications
4.3 Ensure 'MaxQueryString request filter' is configured - Default
4.4 Ensure non-ASCII characters in URLs are not allowed - Applications
4.4 Ensure non-ASCII characters in URLs are not allowed - Default
7.1 Ensure HSTS Header is set - Server
7.1 Ensure HSTS Header is set - Sites
7.12 Ensure TLS Cipher Suite ordering is Configured
CIS_MS_IIS_10_v1.2.0_Level_2.audit from CIS Microsoft IIS 10 Benchmark v1.2.0