CIS IIS 7 L2 v1.8.0

Audit Details

Name: CIS IIS 7 L2 v1.8.0

Updated: 6/17/2024

Authority: CIS

Plugin: Windows

Revision: 1.17

Estimated Item Count: 34

File Details

Filename: CIS_v1.8_MS_IIS_7_Level_2.audit

Size: 79 kB

MD5: 1610dc195725a43a25caf9d4b14d116d
SHA256: de3b8d96dd00023f830f2c3c9772e860997764c0b33feb2118e616eb7efd7d73

Audit Items

Description / Categories
2.4 Ensure 'forms authentication' is set to use cookies - Applications

CONFIGURATION MANAGEMENT

2.4 Ensure 'forms authentication' is set to use cookies - Default

CONFIGURATION MANAGEMENT

2.4 Ensure 'forms authentication' is set to use cookies - Not Enabled
2.8 Ensure 'credentials' are not stored in configuration files - Applications

IDENTIFICATION AND AUTHENTICATION

2.8 Ensure 'credentials' are not stored in configuration files - Default

IDENTIFICATION AND AUTHENTICATION

3.2 Ensure 'debug' is turned off
3.2 Ensure 'debug' is turned off - Applications

SYSTEM AND INFORMATION INTEGRITY

3.2 Ensure 'debug' is turned off - Default

SYSTEM AND INFORMATION INTEGRITY

3.3 Ensure Custom Error Messages are not Off
3.3 Ensure Custom Error Messages are not Off - Applications

SYSTEM AND INFORMATION INTEGRITY

3.3 Ensure Custom Error Messages are not Off - Default

SYSTEM AND INFORMATION INTEGRITY

3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely
3.5 Ensure ASP.NET stack tracing is not enabled

CONFIGURATION MANAGEMENT

3.5 Ensure ASP.NET stack tracing is not enabled - Applications

SYSTEM AND INFORMATION INTEGRITY

3.5 Ensure ASP.NET stack tracing is not enabled - Default

SYSTEM AND INFORMATION INTEGRITY

3.6 Ensure 'httpcookie' mode is configured for session state
3.6 Ensure 'httpcookie' mode is configured for session state - Applications

CONFIGURATION MANAGEMENT

3.6 Ensure 'httpcookie' mode is configured for session state - Default

CONFIGURATION MANAGEMENT

3.7 Ensure 'cookies' are set with HttpOnly attribute
3.7 Ensure 'cookies' are set with HttpOnly attribute - Applications

ACCESS CONTROL

3.7 Ensure 'cookies' are set with HttpOnly attribute - Default

ACCESS CONTROL

3.11 Ensure 'encryption providers' are locked down

ACCESS CONTROL

4.1 Ensure 'maxAllowedContentLength' is configured - Applications

SYSTEM AND INFORMATION INTEGRITY

4.1 Ensure 'maxAllowedContentLength' is configured - Default

SYSTEM AND INFORMATION INTEGRITY

4.2 Ensure 'maxURL request filter' is configured - Applications

SYSTEM AND INFORMATION INTEGRITY

4.2 Ensure 'maxURL request filter' is configured - Default

SYSTEM AND INFORMATION INTEGRITY

4.3 Ensure 'MaxQueryString request filter' is configured - Applications

SYSTEM AND INFORMATION INTEGRITY

4.3 Ensure 'MaxQueryString request filter' is configured - Default

SYSTEM AND INFORMATION INTEGRITY

4.4 Ensure non-ASCII characters in URLs are not allowed - Applications

SYSTEM AND INFORMATION INTEGRITY

4.4 Ensure non-ASCII characters in URLs are not allowed - Default

SYSTEM AND INFORMATION INTEGRITY

7.1 Ensure HSTS Header is set

SYSTEM AND COMMUNICATIONS PROTECTION

7.14 Ensure TLS Cipher Suite ordering is configured

SYSTEM AND COMMUNICATIONS PROTECTION

7.15 Ensure TLS Cipher Suite ordering is configured

SYSTEM AND COMMUNICATIONS PROTECTION

CIS Security Benchmark For Microsoft IIS 7.0/7.5 v1.8.0 Level II.