IISW-SV-000148 - The IIS 8.5 web server must not be running on a system providing any other role.

Information

Web servers provide numerous processes, features, and functionalities that utilize TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system.

The web server must provide the capability to disable or deactivate network-related services that are deemed to be non-essential to the server mission, are too unsecure, or are prohibited by the PPSM CAL and vulnerability assessments.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Remove all unapproved programs and roles from the production web server.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_8-5_Y23M10_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(1)(b), CAT|II, CCI|CCI-001762, Rule-ID|SV-214432r879756_rule, STIG-ID|IISW-SV-000148, STIG-Legacy|SV-91447, STIG-Legacy|V-76751, Vuln-ID|V-214432

Plugin: Windows

Control ID: 303c0f4c849176d98f2951d74766808d21a98d8f5ab04dba4b8195811e2e97d8