CIS IIS 10 v1.1.0 Level 2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS IIS 10 v1.1.0 Level 2

Updated: 12/9/2020

Authority: CIS

Plugin: Windows

Revision: 1.2

Estimated Item Count: 30

Audit Items

| Description | Categories |
| --- | --- |
| 2.4 Ensure 'forms authentication' is set to use cookies - Application | CONFIGURATION MANAGEMENT |
| 2.4 Ensure 'forms authentication' is set to use cookies - Default | CONFIGURATION MANAGEMENT |
| 2.8 Ensure 'credentials' are not stored in configuration files - Applications | IDENTIFICATION AND AUTHENTICATION |
| 2.8 Ensure 'credentials' are not stored in configuration files - Default | IDENTIFICATION AND AUTHENTICATION |
| 3.2 Ensure 'debug' is turned off - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Ensure 'debug' is turned off - Default | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure custom error messages are not off - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure custom error messages are not off - Default | SYSTEM AND INFORMATION INTEGRITY |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Default | SYSTEM AND INFORMATION INTEGRITY |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Applications | CONFIGURATION MANAGEMENT |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Default | CONFIGURATION MANAGEMENT |
| 3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Applications | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Default | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ensure Server Header is removed - Applications | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ensure Server Header is removed - Default | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ensure X-Powered-By Header is removed - Applications | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ensure X-Powered-By Header is removed - Default | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Default | SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure 'maxURL request filter' is configured - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure 'maxURL request filter' is configured - Default | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Default | SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Ensure non-ASCII characters in URLs are not allowed - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Ensure non-ASCII characters in URLs are not allowed - Default | SYSTEM AND INFORMATION INTEGRITY |
| 7.1 Ensure HSTS Header is set | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure TLS 1.0 is disabled | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.12 Ensure TLS Cipher Suite ordering is configured | SYSTEM AND COMMUNICATIONS PROTECTION |

CIS Microsoft IIS 10 Benchmark v1.1.0 Level 2