IIST-SV-000118 – The IIS 10.0 web server must only contain functions necessary for operation.

Details

A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system.

The web server must provide the capability to disable, uninstall, or deactivate functionality and services deemed non-essential to the web server mission or that adversely impact server performance.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Remove all unapproved programs and roles from the production IIS 10.0 web server.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_10-0_Y20M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.

References

800-53|CM-7a.
CAT|II
CCI|CCI-000381
CSCv6|9.1
Rule-ID|SV-218793r561041_rule
STIG-ID|IIST-SV-000118
STIG-Legacy|SV-109225
STIG-Legacy|V-100121
Vuln-ID|V-218793

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles