STIGQter: STIG Summary: Microsoft IIS 8.5 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The IIS 8.5 web server must augment re-creation to a stable and known baseline.

DISA Rule

SV-214421r508658_rule

Vulnerability Number

V-214421

Group Title

SRG-APP-000225-WSR-000074

Rule Version

IISW-SV-000136

Severity

CAT II

CCI(s)

• CCI-001190 - The information system fails to an organization-defined known-state for organization-defined types of failures.

Weight

10

Fix Recommendation

Prepare documentation for disaster recovery methods for the IIS 8.5 web server in the event of the necessity for rollback.

Document and test the disaster recovery methods designed.

Check Contents

Interview the System Administrator for the IIS 8.5 web server.

Ask for documentation on the disaster recovery methods tested and planned for the IIS 8.5 web server in the event of the necessity for rollback.

If documentation for a disaster recovery has not been established, this is a finding.

Vulnerability Number

V-214421

Documentable

False

Rule Version

IISW-SV-000136

Severity Override Guidance

Interview the System Administrator for the IIS 8.5 web server.

Ask for documentation on the disaster recovery methods tested and planned for the IIS 8.5 web server in the event of the necessity for rollback.

If documentation for a disaster recovery has not been established, this is a finding.

Check Content Reference

M

Target Key

4000

Comments