IISW-SV-000118 - The IIS 8.5 web server must only contain functions necessary for operation.

Information

A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system.

The web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Remove all unapproved programs and roles from the production IIS 8.5 web server.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_8-5_Y20M10_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7, CAT|II, CCI|CCI-000381, CSCv6|9.1, Rule-ID|SV-214408r508658_rule, STIG-ID|IISW-SV-000118, STIG-Legacy|SV-91397, STIG-Legacy|V-76701, Vuln-ID|V-214408

Plugin: Windows

Control ID: e8382077c2246c942848b7913bc804505375d2156ad21559645a628a65d0635a