| 2.4 Ensure 'forms authentication' is set to use cookies | CONFIGURATION MANAGEMENT |
| 2.8 Ensure 'credentials' are not stored in configuration files | IDENTIFICATION AND AUTHENTICATION |
| 3.2 Ensure 'debug' is turned off | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure custom error messages are not off | SYSTEM AND INFORMATION INTEGRITY |
| 3.5 Ensure ASP.NET stack tracing is not enabled | CONFIGURATION MANAGEMENT |
| 3.6 Ensure 'httpcookie' mode is configured for session state | CONFIGURATION MANAGEMENT |
| 3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ensure 'encryption providers' are locked down | ACCESS CONTROL |
| 4.1 Ensure 'maxAllowedContentLength' is configured | SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure 'maxURL request filter' is configured | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'MaxQueryString request filter' is configured | SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Ensure non-ASCII characters in URLs are not allowed | SYSTEM AND INFORMATION INTEGRITY |
| 7.1 Ensure HSTS Header is set | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure TLS 1.0 is disabled | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.14 Ensure TLS Cipher Suite ordering is configured | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS Microsoft IIS 8 Benchmark v1.5.1 Level 2 | |
