STIGQter: STIG Summary: Microsoft IIS 8.5 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The log data and records from the IIS 8.5 web server must be backed up onto a different system or media.

DISA Rule

SV-214406r508658_rule

Vulnerability Number

V-214406

Group Title

SRG-APP-000125-WSR-000071

Rule Version

IISW-SV-000116

Severity

CAT II

CCI(s)

CCI-001348 - The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited.

Weight

Fix Recommendation

Configure system backups to include the directory paths of all IIS 8.5 web server and website log files.

Check Contents

The IIS 8.5 web server and website log files should be backed up by the system backup.

To determine if log files are backed up by the system backup, determine the location of the web server log files and each website's log files.

Open the IIS 8.5 Manager.

Click the IIS 8.5 server name.

Click the "Logging" icon.

Under "Log File" >> "Directory" obtain the path of the log file.

Once all locations are known, consult with the System Administrator to review the server's backup procedure and policy.

Verify the paths of all log files are part of the system backup.
Verify log files are backed up to an unrelated system or onto separate media than the system the web server is running on.

If the paths of all log files are not part of the system backup and/or not backed up to a separate media, this is a finding.

The log data and records from the IIS 8.5 web server must be backed up onto a different system or media.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments