1.2.3 Require SSL in Forms Authentication

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Requiring SSL for Forms Authentication will protect the confidentiality of credentials during the login process, helping mitigate the risk of stolen user information.

Solution

Open IIS Manager and navigate to the appropriate tier In Features View, double-click Authentication On the Authentication page, select Forms Authentication In the Actions pane, click Edit Check the Requires SSL checkbox in the cookie settings section, click OK

See Also

https://benchmarks.cisecurity.org/tools2/iis/CIS_Microsoft_IIS_7_Benchmark_v1.7.1.pdf

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8

Plugin: Windows

Control ID: 35b56475ca6e172926969cd7bafeabd924eabb280a291b6c45a53067ab7d3a3f