Home
Security Hardening
DISA IIS 8.5 Site V2R1

DISA IIS 8.5 Site V2R1

DISA_IIS_8.5_Web_Site_v2r1.audit from DISA STIG IIS 8.5 Site
Details This audit is designed against the DISA STIG for IIS 8.5 Site Supportive Information The following resource is also...
IISW-SI-000201 – The IIS 8.5 website session state must be enabled.
Details When the session information is stored on the client, the session ID, along with the user authorization and identity...
IISW-SI-000202 – The IIS 8.5 website session state cookie settings must be configured to Use Cookies mode.
Details When the session information is stored on the client, the session ID, along with the user authorization and identity...
IISW-SI-000203 – A private IIS 8.5 website must only accept Secure Socket Layer connections.
Details Transport Layer Security (TLS) encryption is a required security setting for a private web server. Encryption of private information...
IISW-SI-000204 – A public IIS 8.5 website must only accept Secure Socket Layer connections when authentication is required.
Details Transport Layer Security (TLS) encryption is a required security setting for a private web server. Encryption of private information...
IISW-SI-000205 – The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session – Field Client IP Address
Details Log files are a critical component to the successful management of an IS used within the DoD. By generating...
IISW-SI-000205 – The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session – Field Date
Details Log files are a critical component to the successful management of an IS used within the DoD. By generating...
IISW-SI-000205 – The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session – Field Method
Details Log files are a critical component to the successful management of an IS used within the DoD. By generating...
IISW-SI-000205 – The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session – Field Protocol Status
Details Log files are a critical component to the successful management of an IS used within the DoD. By generating...
IISW-SI-000205 – The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session – Field Referer
Details Log files are a critical component to the successful management of an IS used within the DoD. By generating...

DISA IIS 8.5 Site V2R1

DISA_IIS_8.5_Web_Site_v2r1.audit from DISA STIG IIS 8.5 Site

IISW-SI-000201 – The IIS 8.5 website session state must be enabled.

IISW-SI-000202 – The IIS 8.5 website session state cookie settings must be configured to Use Cookies mode.

IISW-SI-000203 – A private IIS 8.5 website must only accept Secure Socket Layer connections.

IISW-SI-000204 – A public IIS 8.5 website must only accept Secure Socket Layer connections when authentication is required.

IISW-SI-000205 – The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session – Field Client IP Address

IISW-SI-000205 – The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session – Field Date

IISW-SI-000205 – The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session – Field Method

IISW-SI-000205 – The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session – Field Protocol Status

IISW-SI-000205 – The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session – Field Referer