| 2.4 Ensure 'forms authentication' is set to use cookies - Applications | CONFIGURATION MANAGEMENT |
| 2.4 Ensure 'forms authentication' is set to use cookies - Default | CONFIGURATION MANAGEMENT |
| 2.4 Ensure 'forms authentication' is set to use cookies - Not Enabled | |
| 2.8 Ensure 'credentials' are not stored in configuration files - Applications | IDENTIFICATION AND AUTHENTICATION |
| 2.8 Ensure 'credentials' are not stored in configuration files - Default | IDENTIFICATION AND AUTHENTICATION |
| 3.2 Ensure 'debug' is turned off | |
| 3.2 Ensure 'debug' is turned off - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Ensure 'debug' is turned off - Default | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure Custom Error Messages are not Off | |
| 3.3 Ensure Custom Error Messages are not Off - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure Custom Error Messages are not Off - Default | SYSTEM AND INFORMATION INTEGRITY |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely | |
| 3.5 Ensure ASP.NET stack tracing is not enabled | CONFIGURATION MANAGEMENT |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Default | SYSTEM AND INFORMATION INTEGRITY |
| 3.6 Ensure 'httpcookie' mode is configured for session state | |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Applications | CONFIGURATION MANAGEMENT |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Default | CONFIGURATION MANAGEMENT |
| 3.7 Ensure 'cookies' are set with HttpOnly attribute | |
| 3.7 Ensure 'cookies' are set with HttpOnly attribute - Applications | ACCESS CONTROL |
| 3.7 Ensure 'cookies' are set with HttpOnly attribute - Default | ACCESS CONTROL |
| 3.11 Ensure 'encryption providers' are locked down | ACCESS CONTROL |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Default | SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure 'maxURL request filter' is configured - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure 'maxURL request filter' is configured - Default | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Default | SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Ensure non-ASCII characters in URLs are not allowed - Applications | SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Ensure non-ASCII characters in URLs are not allowed - Default | SYSTEM AND INFORMATION INTEGRITY |
| 7.1 Ensure HSTS Header is set | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.14 Ensure TLS Cipher Suite ordering is configured | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.15 Ensure TLS Cipher Suite ordering is configured | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS Security Benchmark For Microsoft IIS 7.0/7.5 v1.8.0 Level II. | |
