Details

The use of log files is a critical component of the operation of the Information Systems (IS) used within the DoD, and they can provide invaluable assistance with regard to damage assessment, causation, and the recovery of both affected components and data. They may be used to monitor accidental or intentional misuse of the (IS) and may be used by law enforcement for criminal prosecutions. The use of log files is a requirement within the DoD.

Solution

1. Open the IIS Manager > Right click on the website being reviewed > Select Properties > Select the Web Site tab.
2. Ensure Enable logging is selected.
3. Select the Properties button > Select the Advance tab.
4. Under the Extended logging options check the following:

Date, Time, Client IP Address, User Name, Method, URI Query, Http Protocol Status and Referrer

5. Select OK.

Supportive Information

The following resource is also helpful.

• http://iasecontent.disa.mil/stigs/zip/July2015/U_IIS_6-0_V6R16_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Windows.

References

• 800-53|AU-3.
• CAT|II
• CSCv6|6.2
• Rule-ID|SV-28653r1_rule
• STIG-ID|WG242_IIS6
• Vuln-ID|V-13688

Source

• Tenable.com/audits