DISA IIS 8.5 Site v2r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA IIS 8.5 Site v2r1

Updated: 6/10/2022

Authority: Operating Systems and Applications

Plugin: Windows

Revision: 1.5

Estimated Item Count: 73

Audit Items

Description	Categories
DISA_IIS_8.5_Web_Site_v2r1.audit from DISA STIG IIS 8.5 Site
IISW-SI-000201 - The IIS 8.5 website session state must be enabled.	SYSTEM AND COMMUNICATIONS PROTECTION
IISW-SI-000202 - The IIS 8.5 website session state cookie settings must be configured to Use Cookies mode.	CONFIGURATION MANAGEMENT
IISW-SI-000203 - A private IIS 8.5 website must only accept Secure Socket Layer connections.	SYSTEM AND COMMUNICATIONS PROTECTION
IISW-SI-000204 - A public IIS 8.5 website must only accept Secure Socket Layer connections when authentication is required.	SYSTEM AND COMMUNICATIONS PROTECTION
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Client IP Address	AUDIT AND ACCOUNTABILITY
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Date	AUDIT AND ACCOUNTABILITY
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Method	AUDIT AND ACCOUNTABILITY
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Protocol Status	AUDIT AND ACCOUNTABILITY
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Referer	AUDIT AND ACCOUNTABILITY
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Time	AUDIT AND ACCOUNTABILITY
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field URI Query	AUDIT AND ACCOUNTABILITY
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field User Name	AUDIT AND ACCOUNTABILITY
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Format W3C	AUDIT AND ACCOUNTABILITY
IISW-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 8.5 website must be enabled.	AUDIT AND ACCOUNTABILITY
IISW-SI-000208 - An IIS 8.5 website behind a load balancer or proxy server, must produce log records containing the source client IP and destination information.
IISW-SI-000209 - The IIS 8.5 website must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 8.5 website events - Connection	AUDIT AND ACCOUNTABILITY
IISW-SI-000209 - The IIS 8.5 website must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 8.5 website events - Warning	AUDIT AND ACCOUNTABILITY
IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom Authorization	AUDIT AND ACCOUNTABILITY
IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom Content-Type	AUDIT AND ACCOUNTABILITY
IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom HTTP_USER_AGENT	AUDIT AND ACCOUNTABILITY
IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom User-Agent	AUDIT AND ACCOUNTABILITY
IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Referer	AUDIT AND ACCOUNTABILITY
IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - User Agent	AUDIT AND ACCOUNTABILITY
IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - User Name	AUDIT AND ACCOUNTABILITY
IISW-SI-000214 - The IIS 8.5 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - bat	CONFIGURATION MANAGEMENT
IISW-SI-000214 - The IIS 8.5 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - com	CONFIGURATION MANAGEMENT
IISW-SI-000214 - The IIS 8.5 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - csh	CONFIGURATION MANAGEMENT
IISW-SI-000214 - The IIS 8.5 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - dll	CONFIGURATION MANAGEMENT
IISW-SI-000214 - The IIS 8.5 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - exe	CONFIGURATION MANAGEMENT
IISW-SI-000215 - Mappings to unused and vulnerable scripts on the IIS 8.5 website must be removed.
IISW-SI-000216 - The IIS 8.5 website must have resource mappings set to disable the serving of certain file types.
IISW-SI-000217 - The IIS 8.5 website must have Web Distributed Authoring and Versioning (WebDAV) disabled.	CONFIGURATION MANAGEMENT
IISW-SI-000219 - Each IIS 8.5 website must be assigned a default host header.	CONFIGURATION MANAGEMENT
IISW-SI-000220 - A private websites authentication mechanism must use client certificates to transmit session identifier to assure integrity.	IDENTIFICATION AND AUTHENTICATION
IISW-SI-000221 - Anonymous IIS 8.5 website access accounts must be restricted - Anonymous username	ACCESS CONTROL
IISW-SI-000221 - Anonymous IIS 8.5 website access accounts must be restricted - Local System Groups	ACCESS CONTROL
IISW-SI-000223 - The IIS 8.5 website must generate unique session identifiers that cannot be reliably reproduced.	SYSTEM AND COMMUNICATIONS PROTECTION
IISW-SI-000224 - The IIS 8.5 website document directory must be in a separate partition from the IIS 8.5 websites system files.	CONFIGURATION MANAGEMENT
IISW-SI-000225 - The IIS 8.5 website must be configured to limit the maxURL.	SYSTEM AND INFORMATION INTEGRITY
IISW-SI-000226 - The IIS 8.5 website must be configured to limit the size of web requests.	SYSTEM AND INFORMATION INTEGRITY
IISW-SI-000227 - The IIS 8.5 websites Maximum Query String limit must be configured.	SYSTEM AND INFORMATION INTEGRITY
IISW-SI-000228 - Non-ASCII characters in URLs must be prohibited by any IIS 8.5 website.	SYSTEM AND INFORMATION INTEGRITY
IISW-SI-000229 - Double encoded URL requests must be prohibited by any IIS 8.5 website.	CONFIGURATION MANAGEMENT
IISW-SI-000230 - Unlisted file extensions in URL requests must be filtered by any IIS 8.5 website.	CONFIGURATION MANAGEMENT
IISW-SI-000231 - Directory Browsing on the IIS 8.5 website must be disabled.	CONFIGURATION MANAGEMENT
IISW-SI-000233 - Warning and error messages displayed to clients must be modified to minimize the identity of the IIS 8.5 website, patches, loaded modules, and directory paths.	SYSTEM AND INFORMATION INTEGRITY
IISW-SI-000234 - Debugging and trace information used to diagnose the IIS 8.5 website must be disabled.	SYSTEM AND INFORMATION INTEGRITY
IISW-SI-000235 - The Idle Time-out monitor for each IIS 8.5 website must be enabled.	ACCESS CONTROL
IISW-SI-000236 - The IIS 8.5 websites connectionTimeout setting must be explicitly configured to disconnect an idle session.	ACCESS CONTROL

Detections

Analytics

DISA IIS 8.5 Site v2r1

Warning! Audit Deprecated

Audit Details

Audit Items