| 2.4 Ensure 'forms authentication' is set to use cookies - Application | CONFIGURATION MANAGEMENT |
| 2.4 Ensure 'forms authentication' is set to use cookies - Default | CONFIGURATION MANAGEMENT |
| 2.8 Ensure 'credentials' are not stored in configuration files - Applications | IDENTIFICATION AND AUTHENTICATION |
| 2.8 Ensure 'credentials' are not stored in configuration files - Default | IDENTIFICATION AND AUTHENTICATION |
| 3.2 Ensure 'debug' is turned off - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Ensure 'debug' is turned off - Default | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure custom error messages are not off - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure custom error messages are not off - Default | SYSTEM AND INFORMATION INTEGRITY |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Default | SYSTEM AND INFORMATION INTEGRITY |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Applications | CONFIGURATION MANAGEMENT |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Default | CONFIGURATION MANAGEMENT |
| 3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Applications | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Default | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ensure Server Header is removed - Applications | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ensure Server Header is removed - Default | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ensure X-Powered-By Header is removed - Applications | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ensure X-Powered-By Header is removed - Default | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Default | SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure 'maxURL request filter' is configured - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure 'maxURL request filter' is configured - Default | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Default | SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Ensure non-ASCII characters in URLs are not allowed - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Ensure non-ASCII characters in URLs are not allowed - Default | SYSTEM AND INFORMATION INTEGRITY |
| 7.1 Ensure HSTS Header is set | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure TLS 1.0 is disabled | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.12 Ensure TLS Cipher Suite ordering is configured | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS Microsoft IIS 10 Benchmark v1.1.0 Level 2 | |
