IIST-SI-000244 – IIS 10.0 website session IDs must be sent to the client using TLS. Details The HTTP protocol is a stateless protocol. To maintain a session, a session identifier is used. The session identifier...
IIST-SI-000226 – The IIS 10.0 website must be configured to limit the size of web requests. Details Setting limits on web requests ensures the availability of web services and mitigates the risk of buffer overflow...
IIST-SI-000227 – The IIS 10.0 website's Maximum Query String limit must be configured. Details Setting limits on web requests helps to ensure availability of web services and may also help mitigate the risk...
IIST-SI-000228 – Non-ASCII characters in URLs must be prohibited by any IIS 10.0 website. Details Setting limits on web requests ensures availability of web services and mitigates the risk of buffer overflow type attacks....
IIST-SI-000252 – The maximum number of requests an application pool can process for each IIS 10.0 website must be explicitly set. Details IIS application pools can be periodically recycled to avoid unstable states possibly leading to application crashes, hangs, or memory...
IIST-SI-000246 – Cookies exchanged between the IIS 10.0 website and the client must have cookie properties set to prohibit client-side scripts from reading the cookie data – compressionEnabled Details A cookie can easily be read by client-side scripts if cookie properties are not set properly. By allowing cookies...
IIST-SI-000246 – Cookies exchanged between the IIS 10.0 website and the client must have cookie properties set to prohibit client-side scripts from reading the cookie data – requireSSL Details A cookie can easily be read by client-side scripts if cookie properties are not set properly. By allowing cookies...
IIST-SI-000251 – The IIS 10.0 website must have a unique application pool. Details Application pools isolate sites and applications to address reliability, availability, and security issues. Sites and applications may be grouped...