CIS IIS 6.0 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS IIS 6.0 v1.0.0

Updated: 4/2/2021

Authority: CIS

Plugin: Windows

Revision: 1.33

Estimated Item Count: 100

Audit Items

Description

Categories

1.1 Default Install Files - '/IISHelp'

CONFIGURATION MANAGEMENT

1.1 Default Install Files - '/iissamples'

CONFIGURATION MANAGEMENT

1.1 Default Install Files - '/Printers'

CONFIGURATION MANAGEMENT

1.1 Default Install Files - '/scripts'

CONFIGURATION MANAGEMENT

1.1 Default Install Files - '%systemdrive%\inetpub\scripts'

CONFIGURATION MANAGEMENT

1.1 Default Install Files - '%systemdrive%\inetpub\scripts\IISSamples'

CONFIGURATION MANAGEMENT

1.1 Default Install Files - '%systemdrive%\inetpub\wwwroot\aspnet_client'

CONFIGURATION MANAGEMENT

1.1 Default Install Files - '%systemdrive%\inetpub\wwwroot\iisstart.htm'

CONFIGURATION MANAGEMENT

1.1 Default Install Files - '%systemdrive%\inetpub\wwwroot\pagerror.gif'

CONFIGURATION MANAGEMENT

1.1 Default Install Files - 'iisadmpwd' Check if exist

ACCESS CONTROL

1.1 Default Install Files - 'iisadmpwd' Check if using Integrated Windows Authentication

ACCESS CONTROL

1.2 Remote Data Services (RDS) - '/Msadc Virtual Directory'

CONFIGURATION MANAGEMENT

1.2 Remote Data Services (RDS) - '%programfiles%\Common Files\System\Msadc'

CONFIGURATION MANAGEMENT

1.2 Remote Data Services (RDS) - '%programfiles%\Common Files\System\Msadc\Samples'

CONFIGURATION MANAGEMENT

1.2 Remote Data Services (RDS) - 'HKLM\Software\Microsoft\DataFactory\HandlerInfo'

CONFIGURATION MANAGEMENT

1.2 Remote Data Services (RDS) - 'HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\VbBusObj.VbBusObjCls'

CONFIGURATION MANAGEMENT

1.3 Internet Printing - 'HKLM\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPrinting'

CONFIGURATION MANAGEMENT

1.3 Internet Printing - 'Internet Printing Protocol script mappings - .printer'

CONFIGURATION MANAGEMENT

1.4 URLScan - '%systemroot%\system32\inetsrv\urlscan\urlscan.exe'

CONFIGURATION MANAGEMENT

1.5 IIS Lockdown (not scored)
2.1 FTP User Isolation

SYSTEM AND COMMUNICATIONS PROTECTION

2.2 SMTP
2.2 SMTP - 'AccessSSL = True'

ACCESS CONTROL

2.2 SMTP - 'AccessSSL128 = True'

ACCESS CONTROL

2.2 SMTP - 'AuthNTLM = True'

ACCESS CONTROL

2.2 SMTP - 'Relay Restrictions'
2.3 SSL - 'Global Setting - AccessSSL = True'

SYSTEM AND COMMUNICATIONS PROTECTION

2.3 SSL - 'Global Setting - AccessSSL128 = True'

SYSTEM AND COMMUNICATIONS PROTECTION

2.3 SSL - 'Host configured for Secure communication'
2.3 SSL - 'Virtual Dir Setting - AccessSSL = True'

SYSTEM AND COMMUNICATIONS PROTECTION

2.3 SSL - 'Virtual Dir Setting - AccessSSL128 = True'

SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Worker Process Identities - 'AppPoolIdentityType = SYSTEM,LOCAL SERVICE,NETWORK SERVICE, or SPECIFIC USER'

ACCESS CONTROL

2.4 Worker Process Identities - 'WAMUserName'

ACCESS CONTROL

2.5 WebDAV Authentication - 'Global Setting - AuthNTLM = True'

ACCESS CONTROL

2.5 WebDAV Authentication - 'Virtual Dir Setting - AuthNTLM = True'

ACCESS CONTROL

3.1 Anonymous User (anonymousUserName) - 'Global Setting - AnonymousUserName = IUSR_'

ACCESS CONTROL

3.1 Anonymous User (anonymousUserName) - 'Virtual Dir Setting - AnonymousUserName = IUSR_'

ACCESS CONTROL

3.2 Client-side Application Debugging (AppAllowClientDebug) - 'Global Setting - AppAllowClientDebug = FALSE'

CONFIGURATION MANAGEMENT

3.2 Client-side Application Debugging (AppAllowClientDebug) - 'Virtual Dir Setting - AppAllowClientDebug = FALSE'

CONFIGURATION MANAGEMENT

3.3 Server-side Application Debugging (AppAllowDebugging) - 'Global Setting - AppAllowDebugging = FALSE'

SYSTEM AND INFORMATION INTEGRITY

3.3 Server-side Application Debugging (AppAllowDebugging) - 'Virtual Dir Setting - AppAllowDebugging = FALSE'

SYSTEM AND INFORMATION INTEGRITY

3.4 ASP Parent Paths (AspEnableParentPaths) - 'Global Setting - AspEnableParentPaths = FALSE'

ACCESS CONTROL

3.4 ASP Parent Paths (AspEnableParentPaths) - 'Virtual Dir Setting - AspEnableParentPaths = FALSE'

SYSTEM AND COMMUNICATIONS PROTECTION

3.5 Logging to Windows Event Log (AspLogErrorRequests) - 'Global Setting - AspLogErrorRequests = FALSE'

AUDIT AND ACCOUNTABILITY

3.5 Logging to Windows Event Log (AspLogErrorRequests) - 'Virtual Dir Setting - AspLogErrorRequests = FALSE'

AUDIT AND ACCOUNTABILITY

3.6 ASP Error Messages Setting (AspScriptErrorSentToBrowser) - 'Global Setting - AspScriptErrorSentToBrowser = FALSE'

CONFIGURATION MANAGEMENT

3.6 ASP Error Messages Setting (AspScriptErrorSentToBrowser) - 'Virtual Dir Setting - AspScriptErrorSentToBrowser = FALSE'

SYSTEM AND INFORMATION INTEGRITY

3.7 Custom ASP Error Message (AspScriptErrorMessage) - 'Global Setting - AspScriptErrorMessage

SYSTEM AND INFORMATION INTEGRITY

3.7 Custom ASP Error Message (AspScriptErrorMessage) - 'Virtual Dir Setting - AspScriptErrorMessage

SYSTEM AND INFORMATION INTEGRITY

3.8 ASP Session Object Timeout (AspSessionTimeout) - 'Global Setting - AspSessionTimeout <= 10'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION