2.4 Ensure 'forms authentication' is set to use cookies - Application | CONFIGURATION MANAGEMENT |
2.4 Ensure 'forms authentication' is set to use cookies - Default | CONFIGURATION MANAGEMENT |
2.8 Ensure 'credentials' are not stored in configuration files - Applications | IDENTIFICATION AND AUTHENTICATION |
2.8 Ensure 'credentials' are not stored in configuration files - Default | IDENTIFICATION AND AUTHENTICATION |
3.2 Ensure 'debug' is turned off - Applications | SYSTEM AND INFORMATION INTEGRITY |
3.2 Ensure 'debug' is turned off - Default | SYSTEM AND INFORMATION INTEGRITY |
3.3 Ensure custom error messages are not off - Applications | SYSTEM AND INFORMATION INTEGRITY |
3.3 Ensure custom error messages are not off - Default | SYSTEM AND INFORMATION INTEGRITY |
3.5 Ensure ASP.NET stack tracing is not enabled - Applications | SYSTEM AND INFORMATION INTEGRITY |
3.5 Ensure ASP.NET stack tracing is not enabled - Default | SYSTEM AND INFORMATION INTEGRITY |
3.6 Ensure 'httpcookie' mode is configured for session state - Applications | CONFIGURATION MANAGEMENT |
3.6 Ensure 'httpcookie' mode is configured for session state - Default | CONFIGURATION MANAGEMENT |
3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Applications | SYSTEM AND COMMUNICATIONS PROTECTION |
3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Default | SYSTEM AND COMMUNICATIONS PROTECTION |
3.11 Ensure Server Header is removed - Applications | SYSTEM AND COMMUNICATIONS PROTECTION |
3.11 Ensure Server Header is removed - Default | SYSTEM AND COMMUNICATIONS PROTECTION |
3.11 Ensure X-Powered-By Header is removed - Applications | SYSTEM AND COMMUNICATIONS PROTECTION |
3.11 Ensure X-Powered-By Header is removed - Default | SYSTEM AND COMMUNICATIONS PROTECTION |
4.1 Ensure 'maxAllowedContentLength' is configured - Applications | SYSTEM AND INFORMATION INTEGRITY |
4.1 Ensure 'maxAllowedContentLength' is configured - Default | SYSTEM AND INFORMATION INTEGRITY |
4.2 Ensure 'maxURL request filter' is configured - Applications | SYSTEM AND INFORMATION INTEGRITY |
4.2 Ensure 'maxURL request filter' is configured - Default | SYSTEM AND INFORMATION INTEGRITY |
4.3 Ensure 'MaxQueryString request filter' is configured - Applications | SYSTEM AND INFORMATION INTEGRITY |
4.3 Ensure 'MaxQueryString request filter' is configured - Default | SYSTEM AND INFORMATION INTEGRITY |
4.4 Ensure non-ASCII characters in URLs are not allowed - Applications | SYSTEM AND INFORMATION INTEGRITY |
4.4 Ensure non-ASCII characters in URLs are not allowed - Default | SYSTEM AND INFORMATION INTEGRITY |
7.1 Ensure HSTS Header is set | SYSTEM AND COMMUNICATIONS PROTECTION |
7.4 Ensure TLS 1.0 is disabled | SYSTEM AND COMMUNICATIONS PROTECTION |
7.12 Ensure TLS Cipher Suite ordering is configured | SYSTEM AND COMMUNICATIONS PROTECTION |
CIS Microsoft IIS 10 Benchmark v1.1.0 Level 2 | |