DISA_IIS_8.5_Web_Site_v2r7.audit from DISA Microsoft IIS 8.5 Site v2r7 STIG

IISW-SI-000201 - The IIS 8.5 website session state must be enabled.

CAT|II

CCI|CCI-000054

Rule-ID|SV-214444r879511_rule

STIG-ID|IISW-SI-000201

STIG-Legacy|SV-91471

STIG-Legacy|V-76775

Vuln-ID|V-214444

IISW-SI-000202 - The IIS 8.5 website session state cookie settings must be configured to Use Cookies mode.

Rule-ID|SV-214445r879511_rule

STIG-ID|IISW-SI-000202

STIG-Legacy|SV-91473

STIG-Legacy|V-76777

Vuln-ID|V-214445

IISW-SI-000203 - A private IIS 8.5 website must only accept Secure Socket Layer connections.

CCI|CCI-000068

Rule-ID|SV-214446r879519_rule

STIG-ID|IISW-SI-000203

STIG-Legacy|SV-91475

STIG-Legacy|V-76779

Vuln-ID|V-214446

IISW-SI-000204 - A public IIS 8.5 website must only accept Secure Socket Layer connections when authentication is required.

Rule-ID|SV-214447r879519_rule

STIG-ID|IISW-SI-000204

STIG-Legacy|SV-91477

STIG-Legacy|V-76781

Vuln-ID|V-214447

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Client IP Address

CCI|CCI-001462

CCI|CCI-001464

Rule-ID|SV-214448r879562_rule

STIG-ID|IISW-SI-000205

STIG-Legacy|SV-91479

STIG-Legacy|V-76783

Vuln-ID|V-214448

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Date

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Method

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Protocol Status

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Referer

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Time

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field URI Query

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field User Name

IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Format W3C

IISW-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 8.5 website must be enabled.

CCI|CCI-000139

Rule-ID|SV-214449r879562_rule

STIG-ID|IISW-SI-000206

STIG-Legacy|SV-91481

STIG-Legacy|V-76785

Vuln-ID|V-214449

IISW-SI-000208 - An IIS 8.5 website behind a load balancer or proxy server, must produce log records containing the source client IP and destination information.

CCI|CCI-000133

Rule-ID|SV-214450r879566_rule

STIG-ID|IISW-SI-000208

STIG-Legacy|SV-91483

STIG-Legacy|V-76787

Vuln-ID|V-214450

IISW-SI-000209 - The IIS 8.5 website must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 8.5 website events - Connection

CCI|CCI-000134

Rule-ID|SV-214451r879567_rule

STIG-ID|IISW-SI-000209

STIG-Legacy|SV-91485

STIG-Legacy|V-76789

Vuln-ID|V-214451

IISW-SI-000209 - The IIS 8.5 website must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 8.5 website events - Warning

IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom Authorization

CCI|CCI-001487

Rule-ID|SV-214452r879568_rule

STIG-ID|IISW-SI-000210

STIG-Legacy|SV-91487

STIG-Legacy|V-76791

Vuln-ID|V-214452

IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom Content-Type

IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom HTTP_USER_AGENT

IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Custom User-Agent

IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - Referer

IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - User Agent

IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event - User Name

IISW-SI-000214 - The IIS 8.5 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - bat

CCI|CCI-000381

Rule-ID|SV-214454r879587_rule

STIG-ID|IISW-SI-000214

STIG-Legacy|SV-91493

STIG-Legacy|V-76797

Vuln-ID|V-214454

IISW-SI-000214 - The IIS 8.5 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - com

IISW-SI-000214 - The IIS 8.5 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - csh

IISW-SI-000214 - The IIS 8.5 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - dll

IISW-SI-000214 - The IIS 8.5 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - exe

IISW-SI-000215 - Mappings to unused and vulnerable scripts on the IIS 8.5 website must be removed.

Rule-ID|SV-214455r879587_rule

STIG-ID|IISW-SI-000215

STIG-Legacy|SV-91495

STIG-Legacy|V-76799

Vuln-ID|V-214455

IISW-SI-000216 - The IIS 8.5 website must have resource mappings set to disable the serving of certain file types.

Rule-ID|SV-214456r879587_rule

STIG-ID|IISW-SI-000216

STIG-Legacy|SV-91497

STIG-Legacy|V-76801

Vuln-ID|V-214456

IISW-SI-000217 - The IIS 8.5 website must have Web Distributed Authoring and Versioning (WebDAV) disabled.

Rule-ID|SV-214457r879587_rule

STIG-ID|IISW-SI-000217

STIG-Legacy|SV-91499

STIG-Legacy|V-76803

Vuln-ID|V-214457

IISW-SI-000219 - Each IIS 8.5 website must be assigned a default host header.

CCI|CCI-000382

Rule-ID|SV-214459r879588_rule

STIG-ID|IISW-SI-000219

STIG-Legacy|SV-91503

STIG-Legacy|V-76807

Vuln-ID|V-214459

IISW-SI-000220 - A private websites authentication mechanism must use client certificates to transmit session identifier to assure integrity.

CCI|CCI-000197

CCI|CCI-001188

CCI|CCI-002470

Rule-ID|SV-214460r879609_rule

STIG-ID|IISW-SI-000220

STIG-Legacy|SV-91505

STIG-Legacy|V-76809

Vuln-ID|V-214460

IISW-SI-000221 - Anonymous IIS 8.5 website access accounts must be restricted - Anonymous username

CAT|I

CCI|CCI-001082

Rule-ID|SV-214461r879631_rule

STIG-ID|IISW-SI-000221

STIG-Legacy|SV-91507

STIG-Legacy|V-76811

Vuln-ID|V-214461

IISW-SI-000221 - Anonymous IIS 8.5 website access accounts must be restricted - Local System Groups

IISW-SI-000223 - The IIS 8.5 website must generate unique session identifiers that cannot be reliably reproduced.

Rule-ID|SV-214462r879639_rule

STIG-ID|IISW-SI-000223

STIG-Legacy|SV-91509

STIG-Legacy|V-76813

Vuln-ID|V-214462

IISW-SI-000224 - The IIS 8.5 website document directory must be in a separate partition from the IIS 8.5 websites system files.

CCI|CCI-001084

Rule-ID|SV-214463r879643_rule

STIG-ID|IISW-SI-000224

STIG-Legacy|SV-91511

STIG-Legacy|V-76815

Vuln-ID|V-214463

IISW-SI-000225 - The IIS 8.5 website must be configured to limit the maxURL.

CCI|CCI-001094

Rule-ID|SV-214464r879650_rule

STIG-ID|IISW-SI-000225

STIG-Legacy|SV-91513

STIG-Legacy|V-76817

Vuln-ID|V-214464

IISW-SI-000226 - The IIS 8.5 website must be configured to limit the size of web requests.

Rule-ID|SV-214465r879650_rule

STIG-ID|IISW-SI-000226

STIG-Legacy|SV-91515

STIG-Legacy|V-76819

Vuln-ID|V-214465

IISW-SI-000227 - The IIS 8.5 websites Maximum Query String limit must be configured.

Rule-ID|SV-214466r879650_rule

STIG-ID|IISW-SI-000227

STIG-Legacy|SV-91517

STIG-Legacy|V-76821

Vuln-ID|V-214466

IISW-SI-000228 - Non-ASCII characters in URLs must be prohibited by any IIS 8.5 website.

Rule-ID|SV-214467r879650_rule

STIG-ID|IISW-SI-000228

STIG-Legacy|SV-91519

STIG-Legacy|V-76823

Vuln-ID|V-214467

IISW-SI-000229 - Double encoded URL requests must be prohibited by any IIS 8.5 website.

Rule-ID|SV-214468r879650_rule

STIG-ID|IISW-SI-000229

STIG-Legacy|SV-91521

STIG-Legacy|V-76825

Vuln-ID|V-214468

IISW-SI-000230 - Unlisted file extensions in URL requests must be filtered by any IIS 8.5 website.

Rule-ID|SV-214469r879650_rule

STIG-ID|IISW-SI-000230

STIG-Legacy|SV-91523

STIG-Legacy|V-76827

Vuln-ID|V-214469

IISW-SI-000231 - Directory Browsing on the IIS 8.5 website must be disabled.

CCI|CCI-001310

Rule-ID|SV-214470r879652_rule

STIG-ID|IISW-SI-000231

STIG-Legacy|SV-91525

STIG-Legacy|V-76829

Vuln-ID|V-214470

IISW-SI-000233 - Warning and error messages displayed to clients must be modified to minimize the identity of the IIS 8.5 website, patches, loaded modules, and directory paths.

CCI|CCI-001312

Rule-ID|SV-214472r879655_rule

STIG-ID|IISW-SI-000233

STIG-Legacy|SV-91531

STIG-Legacy|V-76835

Vuln-ID|V-214472

IISW-SI-000234 - Debugging and trace information used to diagnose the IIS 8.5 website must be disabled.

Detections

Analytics

DISA IIS 8.5 Site v2r7

Warning! Audit Deprecated

Audit Details

Audit Changelog

Revision 1.3

Miscellaneous

Revision 1.2

Functional Update

Revision 1.1

Miscellaneous