STIGQter STIGQter: STIG Summary: Microsoft IIS 8.5 Site Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

A public IIS 8.5 website must only accept Secure Socket Layer connections when authentication is required.

DISA Rule

SV-214447r539448_rule

Vulnerability Number

V-214447

Group Title

SRG-APP-000014-WSR-000006

Rule Version

IISW-SI-000204

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Note: If the server being reviewed is a private IIS 8.5 web server, this is Not Applicable.

Note: If the server is hosting WSUS, this is Not Applicable.

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.
Click the site name.
Double-click the "SSL Settings" icon.
Select "Require SSL" check box.
Select "Apply" from the "Actions" pane.

Check Contents

Note: If the server being reviewed is a private IIS 8.5 web server, this is Not Applicable.

Note: If the server is hosting WSUS, this is Not Applicable.

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.
Click the site name.
Double-click the "SSL Settings" icon.
Verify "Require SSL" check box is selected.
If the "Require SSL" check box is not selected, this is a finding.

Vulnerability Number

V-214447

Documentable

False

Rule Version

IISW-SI-000204

Severity Override Guidance

Note: If the server being reviewed is a private IIS 8.5 web server, this is Not Applicable.

Note: If the server is hosting WSUS, this is Not Applicable.

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.
Click the site name.
Double-click the "SSL Settings" icon.
Verify "Require SSL" check box is selected.
If the "Require SSL" check box is not selected, this is a finding.

Check Content Reference

M

Target Key

4001

Comments