CIS IIS 10 v1.2.1 Level 2

Audit Details

Name: CIS IIS 10 v1.2.1 Level 2

Updated: 6/17/2024

Authority: CIS

Plugin: Windows

Revision: 1.3

Estimated Item Count: 30

File Details

Filename: CIS_MS_IIS_10_v1.2.1_Level_2.audit

Size: 122 kB

MD5: 1df5836c363949650faec56fd4f5067b
SHA256: 19a4f51f49984af87ed9c2a8039c998a6ec0b9682583753220b2021db56d9cab

Audit Items

Description

Categories
2.4 Ensure 'forms authentication' is set to use cookies - Application

SYSTEM AND SERVICES ACQUISITION

2.4 Ensure 'forms authentication' is set to use cookies - Default

SYSTEM AND SERVICES ACQUISITION

2.8 Ensure 'credentials' are not stored in configuration files - Applications

IDENTIFICATION AND AUTHENTICATION

2.8 Ensure 'credentials' are not stored in configuration files - Default

IDENTIFICATION AND AUTHENTICATION

3.2 Ensure 'debug' is turned off - Applications

SYSTEM AND SERVICES ACQUISITION

3.2 Ensure 'debug' is turned off - Default

SYSTEM AND SERVICES ACQUISITION

3.3 Ensure custom error messages are not off - Applications

SYSTEM AND SERVICES ACQUISITION

3.3 Ensure custom error messages are not off - Default

SYSTEM AND SERVICES ACQUISITION

3.5 Ensure ASP.NET stack tracing is not enabled - Applications

SYSTEM AND SERVICES ACQUISITION

3.5 Ensure ASP.NET stack tracing is not enabled - Default

SYSTEM AND SERVICES ACQUISITION

3.6 Ensure 'httpcookie' mode is configured for session state - Applications

SYSTEM AND SERVICES ACQUISITION

3.6 Ensure 'httpcookie' mode is configured for session state - Default

SYSTEM AND SERVICES ACQUISITION

3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Applications

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Default

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.11 Ensure X-Powered-By Header is removed - Applications

CONFIGURATION MANAGEMENT

3.11 Ensure X-Powered-By Header is removed - Default

CONFIGURATION MANAGEMENT

3.12 Ensure Server Header is removed - Applications

CONFIGURATION MANAGEMENT

3.12 Ensure Server Header is removed - Default

CONFIGURATION MANAGEMENT

4.1 Ensure 'maxAllowedContentLength' is configured - Applications

SYSTEM AND SERVICES ACQUISITION

4.1 Ensure 'maxAllowedContentLength' is configured - Default

SYSTEM AND SERVICES ACQUISITION

4.2 Ensure 'maxURL request filter' is configured - Applications

SYSTEM AND SERVICES ACQUISITION

4.2 Ensure 'maxURL request filter' is configured - Default

SYSTEM AND SERVICES ACQUISITION

4.3 Ensure 'MaxQueryString request filter' is configured - Applications

SYSTEM AND SERVICES ACQUISITION

4.3 Ensure 'MaxQueryString request filter' is configured - Default

SYSTEM AND SERVICES ACQUISITION

4.4 Ensure non-ASCII characters in URLs are not allowed - Applications

SYSTEM AND SERVICES ACQUISITION

4.4 Ensure non-ASCII characters in URLs are not allowed - Default

SYSTEM AND SERVICES ACQUISITION

7.1 Ensure HSTS Header is set - Server

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure HSTS Header is set - Sites

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.12 Ensure TLS Cipher Suite ordering is Configured

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

CIS_MS_IIS_10_v1.2.1_Level_2.audit from CIS Microsoft IIS 10 Benchmark v1.2.1