IIST-SI-000231 – Directory Browsing on the IIS 10.0 website must be disabled.

Details

Directory browsing allows the contents of a directory to be displayed upon request from a web client. If directory browsing is enabled for a directory in IIS, users could receive a web page listing the contents of the directory. If directory browsing is enabled the risk of inadvertently disclosing sensitive content is increased.

Solution

Follow the procedures below for each site hosted on the IIS 10.0 web server:

Open the IIS 10.0 Manager.

Click the Site.

Double-click the ‘Directory Browsing’ icon.

Under the ‘Actions’ pane, click ‘Disabled’.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_10-0_Y20M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Windows.

References

800-53|SI-10
CAT|II
CCI|CCI-001310
CSCv6|9.1
Rule-ID|SV-218759r558649_rule
STIG-ID|IIST-SI-000231
STIG-Legacy|SV-109343
STIG-Legacy|V-100239
Vuln-ID|V-218759

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles