STIGQter STIGQter: STIG Summary: Microsoft IIS 8.5 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The IIS 8.5 web server must not be running on a system providing any other role.

DISA Rule

SV-214432r508658_rule

Vulnerability Number

V-214432

Group Title

SRG-APP-000383-WSR-000175

Rule Version

IISW-SV-000148

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove all unapproved programs and roles from the production web server.

Check Contents

Review programs installed on the OS.

Open Control Panel.

Open Programs and Features.

The following programs may be installed without any additional documentation:

Administration Pack for IIS
IIS Search Engine Optimization Toolkit
Microsoft .NET Framework version 3.5 SP1 or greater
Microsoft Web Platform Installer version 3.x or greater
Virtual Machine Additions

Review the installed programs, if any programs are installed other than those listed above, this is a finding.

Note: If additional software is needed and has supporting documentation signed by the ISSO, this is not a finding.

Vulnerability Number

V-214432

Documentable

False

Rule Version

IISW-SV-000148

Severity Override Guidance

Review programs installed on the OS.

Open Control Panel.

Open Programs and Features.

The following programs may be installed without any additional documentation:

Administration Pack for IIS
IIS Search Engine Optimization Toolkit
Microsoft .NET Framework version 3.5 SP1 or greater
Microsoft Web Platform Installer version 3.x or greater
Virtual Machine Additions

Review the installed programs, if any programs are installed other than those listed above, this is a finding.

Note: If additional software is needed and has supporting documentation signed by the ISSO, this is not a finding.

Check Content Reference

M

Target Key

4000

Comments