Ensure Custom Error Messages are not Off – Default
Details: When an ASP.NET application fails and causes an HTTP/1.x 500 Internal Server Error, or a feature configuration (such as...

Ensure ‘debug’ is turned off
Details: Developers often enable the debug mode during active ASP.NET development so that they do not have to continually clear...

Ensure ‘debug’ is turned off – Applications
Details: Developers often enable the debug mode during active ASP.NET development so that they do not have to continually clear...

Ensure ‘debug’ is turned off – Default
Details: Developers often enable the debug mode during active ASP.NET development so that they do not have to continually clear...

Ensure ‘encryption providers’ are locked down
Details: By default, whenever a property is encrypted, IIS uses the defaultProvider for encryption defined in machine.config. The IIS local...

Ensure ‘forms authentication’ is set to use cookies – Applications
Details: Forms Authentication can be configured to maintain the site visitor’s session identifier in either a URI or cookie. It...

Ensure ‘forms authentication’ is set to use cookies – Default
Details: Forms Authentication can be configured to maintain the site visitor’s session identifier in either a URI or cookie. It...

Ensure ‘forms authentication’ is set to use cookies – Not Enabled
Details: Forms Authentication can be configured to maintain the site visitor’s session identifier in either a URI or cookie. It...

Ensure HSTS Header is set
Details: HTTP Strict Transport Security (HSTS) allows a site to inform the user agent to communicate with the site only...

Ensure ‘httpcookie’ mode is configured for session state
Details: A session cookie associates session information with client information for that session, which can be the duration of a...