May 17, 2022 Miscellaneous- Audit deprecated.
- Metadata updated.
- References updated.
|
Apr 25, 2022 |
Mar 18, 2022 Functional Update- IIST-SI-000228 - Non-ASCII characters in URLs must be prohibited by any IIS 10.0 website.
|
Mar 10, 2022 Functional Update- IIST-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 10.0 website must be enabled.
- IIST-SI-000209 - The IIS 10.0 website must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 10.0 website events - Connection
- IIST-SI-000209 - The IIS 10.0 website must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 10.0 website events - Warning
- IIST-SI-000210 - The IIS 10.0 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom Authorization
- IIST-SI-000210 - The IIS 10.0 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom Content-Type
- IIST-SI-000210 - The IIS 10.0 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Referer
- IIST-SI-000210 - The IIS 10.0 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - User Agent
- IIST-SI-000210 - The IIS 10.0 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - User Name
- IIST-SI-000235 - The Idle Time-out monitor for each IIS 10.0 website must be enabled.
- IIST-SI-000257 - The application pools pinging monitor for each IIS 10.0 website must be enabled.
Informational Update- IIST-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 10.0 website must be enabled.
Removed- IIST-SI-000210 - The IIS 10.0 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom HTTP_USER_AGENT
- IIST-SI-000210 - The IIS 10.0 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom User-Agent
- IIST-SI-000253 - The amount of virtual memory an application pool uses for each IIS 10.0 website must be explicitly set.
- IIST-SI-000254 - The amount of private memory an application pool uses for each IIS 10.0 website must be explicitly set.
|
Jul 30, 2021 Miscellaneous- Metadata updated.
- References updated.
|
Jun 17, 2021 Miscellaneous- Metadata updated.
- References updated.
|
Mar 18, 2021 Miscellaneous- Metadata updated.
- References updated.
|
Dec 9, 2020 Informational Update- DISA_IIS_10.0_Web_Site_v2r1.audit from DISA Microsoft IIS 10.0 Site v2r1 STIG
Miscellaneous- Platform check updated.
- See also link updated.
|
