Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.4 Ensure 'application pool identity' is configured for all application poolsCIS IIS 7 L1 v1.8.0Windows

ACCESS CONTROL

2.1.18 Ensure web server services are not in useCIS Red Hat Enterprise Linux 10 v1.0.1 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.1.18 Ensure web server services are not in useCIS Ubuntu Linux 20.04 LTS v3.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.1.18 Ensure web server services are not in useCIS Debian Linux 12 v1.1.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.1.18 Ensure web server services are not in useCIS Red Hat Enterprise Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.1.18 Ensure web server services are not in useCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.1.18 Ensure web server services are not in useCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.1.18 Ensure web server services are not in useCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.1.18 Ensure web server services are not in useCIS Oracle Linux 10 v1.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.1.18 Ensure web server services are not in useCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.1.18 Ensure web server services are not in useCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.1.19 Ensure web server services are not in useCIS Red Hat Enterprise Linux 8 v4.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.1.19 Ensure web server services are not in useCIS Rocky Linux 8 v3.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.1.19 Ensure web server services are not in useCIS SUSE Linux Enterprise 15 v2.0.1 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.1.19 Ensure web server services are not in useCIS Oracle Linux 8 v4.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.1.19 Ensure web server services are not in useCIS Oracle Linux 8 v4.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.1.19 Ensure web server services are not in useCIS AlmaLinux OS 8 v4.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.2.18 Ensure web server services are not in useCIS Oracle Linux 7 v4.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.2.18 Ensure web server services are not in useCIS Red Hat Enterprise Linux 7 v4.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.2.18 Ensure web server services are not in useCIS Amazon Linux 2 v4.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.2.18 Ensure web server services are not in useCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.2.18 Ensure web server services are not in useCIS CentOS Linux 7 v4.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.2.18 Ensure web server services are not in useCIS Oracle Linux 7 v4.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.2.18 Ensure web server services are not in useCIS Red Hat Enterprise Linux 7 v4.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.2.32 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (MS only)CIS Microsoft Windows Server 2022 v5.0.0 L1 MSWindows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

5.35 Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

CONFIGURATION MANAGEMENT

IIST-SI-000215 - Mappings to unused and vulnerable scripts on the IIS 10.0 website must be removed.DISA IIS 10.0 Site v2r14Windows

CONFIGURATION MANAGEMENT

IIST-SI-000251 - The IIS 10.0 website must have a unique application pool.DISA IIS 10.0 Site v2r14Windows

CONFIGURATION MANAGEMENT

IIST-SI-000255 - The application pool for each IIS 10.0 website must have a recycle time explicitly set.DISA IIS 10.0 Site v2r14Windows

CONFIGURATION MANAGEMENT

IIST-SI-000258 - The application pools rapid fail protection for each IIS 10.0 website must be enabled.DISA IIS 10.0 Site v2r14Windows

CONFIGURATION MANAGEMENT

IIST-SI-000262 - Interactive scripts on the IIS 10.0 web server must have restrictive access controls.DISA IIS 10.0 Site v2r14Windows

CONFIGURATION MANAGEMENT

IIST-SI-000263 - Backup interactive scripts on the IIS 10.0 server must be removed.DISA IIS 10.0 Site v2r14Windows

CONFIGURATION MANAGEMENT

IIST-SI-000264 - The required DoD banner page must be displayed to authenticated users accessing a DoD private website.DISA IIS 10.0 Site v2r14Windows

CONFIGURATION MANAGEMENT

IIST-SI-000270 - HTTPAPI Server version must be removed from the HTTP Response Header information.DISA IIS 10.0 Site v2r14Windows

SYSTEM AND INFORMATION INTEGRITY

IIST-SV-000118 - The IIS 10.0 web server must only contain functions necessary for operation.DISA IIS 10.0 Server v3r6Windows

CONFIGURATION MANAGEMENT

IIST-SV-000129 - The IIS 10.0 web server must perform RFC 5280-compliant certification path validation.DISA IIS 10.0 Server v2r10Windows

IDENTIFICATION AND AUTHENTICATION

IIST-SV-000138 - Directory Browsing on the IIS 10.0 web server must be disabled.DISA IIS 10.0 Server v2r10Windows

SYSTEM AND INFORMATION INTEGRITY

IIST-SV-000138 - Directory Browsing on the IIS 10.0 web server must be disabled.DISA IIS 10.0 Server v3r6Windows

SYSTEM AND INFORMATION INTEGRITY

IISW-SI-000255 - The application pool for each IIS 8.5 website must have a recycle time explicitly set.DISA IIS 8.5 Site v2r9Windows

CONFIGURATION MANAGEMENT

IISW-SI-000257 - The application pools pinging monitor for each IIS 8.5 website must be enabled.DISA IIS 8.5 Site v2r9Windows

CONFIGURATION MANAGEMENT

IISW-SI-000262 - Interactive scripts on the IIS 8.5 web server must have restrictive access controls.DISA IIS 8.5 Site v2r9Windows

CONFIGURATION MANAGEMENT

IISW-SI-000263 - Backup interactive scripts on the IIS 8.5 server must be removed.DISA IIS 8.5 Site v2r9Windows

CONFIGURATION MANAGEMENT

IISW-SI-009999 - The version of IIS running on the system must be a supported version.DISA IIS 8.5 Site v2r9Windows

SYSTEM AND INFORMATION INTEGRITY

IISW-SV-000129 - The IIS 8.5 web server must perform RFC 5280-compliant certification path validation.DISA IIS 8.5 Server v2r7Windows

IDENTIFICATION AND AUTHENTICATION

IISW-SV-000137 - The production IIS 8.5 web server must utilize SHA2 encryption for the Machine Key.DISA IIS 8.5 Server v2r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

IISW-SV-000138 - Directory Browsing on the IIS 8.5 web server must be disabled.DISA IIS 8.5 Server v2r7Windows

SYSTEM AND INFORMATION INTEGRITY

SP13-00-000125 - SharePoint must implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions.DISA Microsoft SharePoint 2013 STIG v2r4Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WG190 IIS6 - The web server must use a vendor-supported version of the web server software.DISA STIG IIS 6.0 Server v6r16Windows

SYSTEM AND INFORMATION INTEGRITY

WG242 IIS6 - Log file data must contain required data elements. - 'Logging Enabled'DISA STIG IIS 6.0 Site Checklist v6r16Windows

AUDIT AND ACCOUNTABILITY

WG242 IIS6 - Log file data must contain required data elements. - 'Logging Properties Set Correctly'DISA STIG IIS 6.0 Site Checklist v6r16Windows

AUDIT AND ACCOUNTABILITY