DISA IIS 8.5 Site v1r9

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA IIS 8.5 Site v1r9

Updated: 5/4/2021

Authority: DISA STIG

Plugin: Windows

Revision: 1.4

Estimated Item Count: 76

Audit Items

DescriptionCategories
DISA STIG IIS 8.5 Site
IISW-SI-000201 - The IIS 8.5 website session state must be enabled.

SYSTEM AND COMMUNICATIONS PROTECTION

IISW-SI-000202 - The IIS 8.5 website session state cookie settings must be configured to Use Cookies mode.

CONFIGURATION MANAGEMENT

IISW-SI-000203 - A private IIS 8.5 website must only accept Secure Socket Layer connections.

SYSTEM AND COMMUNICATIONS PROTECTION

IISW-SI-000204 - A public IIS 8.5 website must only accept Secure Socket Layer connections when authentication is required.

SYSTEM AND COMMUNICATIONS PROTECTION

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Client IP Address

AUDIT AND ACCOUNTABILITY

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Date

AUDIT AND ACCOUNTABILITY

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Method

AUDIT AND ACCOUNTABILITY

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Protocol Status

AUDIT AND ACCOUNTABILITY

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Referer

AUDIT AND ACCOUNTABILITY

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Time

AUDIT AND ACCOUNTABILITY

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field URI Query

AUDIT AND ACCOUNTABILITY

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field User Name

AUDIT AND ACCOUNTABILITY

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Format W3C

AUDIT AND ACCOUNTABILITY

IISW-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 8.5 website must be enabled.

AUDIT AND ACCOUNTABILITY

IISW-SI-000208 - An IIS 8.5 website behind a load balancer or proxy server, must produce log records containing the source client IP and destination information.
IISW-SI-000209 - The IIS 8.5 website must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 8.5 website events - Connection

AUDIT AND ACCOUNTABILITY

IISW-SI-000209 - The IIS 8.5 website must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 8.5 website events - Warning

AUDIT AND ACCOUNTABILITY

IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom Authorization

AUDIT AND ACCOUNTABILITY

IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom Content-Type

AUDIT AND ACCOUNTABILITY

IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom HTTP_USER_AGENT

AUDIT AND ACCOUNTABILITY

IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom User-Agent

AUDIT AND ACCOUNTABILITY

IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Referer

AUDIT AND ACCOUNTABILITY

IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - User Agent

AUDIT AND ACCOUNTABILITY

IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - User Name

AUDIT AND ACCOUNTABILITY

IISW-SI-000213 - The log information from the IIS 8.5 website must be protected from unauthorized modification or deletion.
IISW-SI-000214 - The IIS 8.5 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - bat

CONFIGURATION MANAGEMENT

IISW-SI-000214 - The IIS 8.5 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - com

CONFIGURATION MANAGEMENT

IISW-SI-000214 - The IIS 8.5 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - csh

CONFIGURATION MANAGEMENT

IISW-SI-000214 - The IIS 8.5 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - dll

CONFIGURATION MANAGEMENT

IISW-SI-000214 - The IIS 8.5 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - exe

CONFIGURATION MANAGEMENT

IISW-SI-000215 - Mappings to unused and vulnerable scripts on the IIS 8.5 website must be removed.
IISW-SI-000216 - The IIS 8.5 website must have resource mappings set to disable the serving of certain file types.
IISW-SI-000217 - The IIS 8.5 website must have Web Distributed Authoring and Versioning (WebDAV) disabled.

CONFIGURATION MANAGEMENT

IISW-SI-000218 - The production website must configure the Global .NET Trust Level.

ACCESS CONTROL

IISW-SI-000219 - Each IIS 8.5 website must be assigned a default host header.

CONFIGURATION MANAGEMENT

IISW-SI-000220 - A private websites authentication mechanism must use client certificates to transmit session identifier to assure integrity.

IDENTIFICATION AND AUTHENTICATION

IISW-SI-000221 - Anonymous IIS 8.5 website access accounts must be restricted - Anonymous username

ACCESS CONTROL

IISW-SI-000221 - Anonymous IIS 8.5 website access accounts must be restricted - Local System Groups

ACCESS CONTROL

IISW-SI-000223 - The IIS 8.5 website must generate unique session identifiers that cannot be reliably reproduced.

SYSTEM AND COMMUNICATIONS PROTECTION

IISW-SI-000224 - The IIS 8.5 website document directory must be in a separate partition from the IIS 8.5 websites system files.

CONFIGURATION MANAGEMENT

IISW-SI-000225 - The IIS 8.5 website must be configured to limit the maxURL.

SYSTEM AND INFORMATION INTEGRITY

IISW-SI-000226 - The IIS 8.5 website must be configured to limit the size of web requests.

SYSTEM AND INFORMATION INTEGRITY

IISW-SI-000227 - The IIS 8.5 websites Maximum Query String limit must be configured.

SYSTEM AND INFORMATION INTEGRITY

IISW-SI-000228 - Non-ASCII characters in URLs must be prohibited by any IIS 8.5 website.

SYSTEM AND INFORMATION INTEGRITY

IISW-SI-000229 - Double encoded URL requests must be prohibited by any IIS 8.5 website.

CONFIGURATION MANAGEMENT

IISW-SI-000230 - Unlisted file extensions in URL requests must be filtered by any IIS 8.5 website.

CONFIGURATION MANAGEMENT

IISW-SI-000231 - Directory Browsing on the IIS 8.5 website must be disabled.

CONFIGURATION MANAGEMENT

IISW-SI-000232 - The IIS 8.5 website must prevent a web content directory from being displayed.

CONFIGURATION MANAGEMENT

IISW-SI-000233 - Warning and error messages displayed to clients must be modified to minimize the identity of the IIS 8.5 website, patches, loaded modules, and directory paths.

SYSTEM AND INFORMATION INTEGRITY