| DISA_IIS_6.0_Web_Site_v6r16.audit from DISA Microsoft IIS 6.0 Site v6r16 STIG | |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - '.asa' | ACCESS CONTROL |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - '.asax' | ACCESS CONTROL |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - '.inc file permissions' | ACCESS CONTROL |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - '.inc' | ACCESS CONTROL |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - 'global.asa' | ACCESS CONTROL |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - 'global.asax' | ACCESS CONTROL |
| WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - '.bat mappings' | CONFIGURATION MANAGEMENT |
| WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - '.cmd mappings' | CONFIGURATION MANAGEMENT |
| WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - '.HTR scripting Disallowed' | CONFIGURATION MANAGEMENT |
| WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - 'Allowed Web Service Extensions' | CONFIGURATION MANAGEMENT |
| WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - 'Index Server Web Interface Disallowed' | CONFIGURATION MANAGEMENT |
| WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - 'Internet Data Connector Disallowed' | CONFIGURATION MANAGEMENT |
| WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - 'Server Side Includes Disallowed' | CONFIGURATION MANAGEMENT |
| WA000-WI070 IIS6 - Indexing Services must only index web content. | CONFIGURATION MANAGEMENT |
| WA000-WI090 IIS6 - Directory browsing must be disabled. | CONFIGURATION MANAGEMENT |
| WA000-WI092 IIS6 - The IIS web site permissions 'Write' or 'Script Source' must not be selected. - 'Script Source permission check' | ACCESS CONTROL |
| WA000-WI092 IIS6 - The IIS web site permissions 'Write' or 'Script Source' must not be selected. - 'Write permission check' | ACCESS CONTROL |
| WA000-WI120 IIS6 - The Content Location header must not contain proprietary IP addresses. | CONFIGURATION MANAGEMENT |
| WA000-WI6010 IIS6 - The web site must have a unique application pool. | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6020 IIS6 - The Recycle Worker processes in minutes monitor must be set properly. | CONFIGURATION MANAGEMENT |
| WA000-WI6022 IIS6 - The maximum number of requests an application pool can process must be set. | CONFIGURATION MANAGEMENT |
| WA000-WI6024 IIS6 - The maximum virtual memory monitor must be enabled. | CONFIGURATION MANAGEMENT |
| WA000-WI6026 IIS6 - The maximum used memory monitor must be enabled. | CONFIGURATION MANAGEMENT |
| WA000-WI6028 IIS6 - The Shutdown worker processes Idle Timeout monitor must be enabled. | CONFIGURATION MANAGEMENT |
| WA000-WI6030 IIS6 - The Limit the kernel request queue monitor must be enabled | CONFIGURATION MANAGEMENT |
| WA000-WI6032 IIS6 - The Enable pinging monitor must be enabled. - 'PingingEnabled set to True' | CONFIGURATION MANAGEMENT |
| WA000-WI6032 IIS6 - The Enable pinging monitor must be enabled. - 'PingInterval set to 30 or more' | CONFIGURATION MANAGEMENT |
| WA000-WI6034 IIS6 - The Enable rapid-fail protection monitor must be enabled. | CONFIGURATION MANAGEMENT |
| WA000-WI6036 IIS6 - The Enable rapid-fail time period monitor must be enabled. | CONFIGURATION MANAGEMENT |
| WA000-WI6040 IIS6 - A unique non-privileged account must be used to run Worker Process Identities. - 'AppPoolIdentityType = 3 - WAMUserName' | ACCESS CONTROL |
| WA000-WI6040 IIS6 - A unique non-privileged account must be used to run Worker Process Identities. - 'AppPoolIdentityType Check' | ACCESS CONTROL |
| WA000-WI6098 IIS6 - The MaxRequestEntityAllowed metabase value must be defined. - 'IisWebDirectorySetting' | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6098 IIS6 - The MaxRequestEntityAllowed metabase value must be defined. - 'IisWebFileSetting' | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6098 IIS6 - The MaxRequestEntityAllowed metabase value must be defined. - 'IisWebServerSetting' | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6098 IIS6 - The MaxRequestEntityAllowed metabase value must be defined. - 'IisWebServiceSetting' | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6098 IIS6 - The MaxRequestEntityAllowed metabase value must be defined. - 'IisWebVirtualDirSetting' | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG110 IIS6 - Web sites must limit the number of simultaneous requests. | ACCESS CONTROL |
| WG140 IIS6 - A private web sites authentication mechanism must use client certificates. - 'AccessSSL Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG140 IIS6 - A private web sites authentication mechanism must use client certificates. - 'AccessSSLRequireCert Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG145 IIS6 - The private web server must use an approved DoD certificate validation process. - 'Check W3SVC CertCheckMode' | IDENTIFICATION AND AUTHENTICATION |
| WG145 IIS6 - The private web server must use an approved DoD certificate validation process. - 'Check W3SVC/WEBSITES CertCheckMode' | |
| WG170 IIS6 - Each readable web document directory must contain a default, home, index or equivalent file. - 'DefaultDoc' | CONFIGURATION MANAGEMENT |
| WG170 IIS6 - Each readable web document directory must contain a default, home, index or equivalent file. - 'EnableDefaultDoc set to True' | CONFIGURATION MANAGEMENT |
| WG205 IIS6 - The web document (home) directory must be on a separate partition from the web servers system files. | CONFIGURATION MANAGEMENT |
| WG210 IIS6 - Web content directories must not be anonymously shared. | CONFIGURATION MANAGEMENT |
| WG235 IIS6 - Web Administrators must secure encrypted connections for Document Root directory uploads. | |
| WG240 IIS6 - Logs of web server access and errors must be established and maintained. | |
| WG242 IIS6 - Log file data must contain required data elements. - 'Logging Enabled' | AUDIT AND ACCOUNTABILITY |
| WG242 IIS6 - Log file data must contain required data elements. - 'Logging Properties Set Correctly' | AUDIT AND ACCOUNTABILITY |
