STIGQter: STIG Summary: Microsoft IIS 10.0 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled.

DISA Rule

SV-218786r561041_rule

Vulnerability Number

V-218786

Group Title

SRG-APP-000092-WSR-000055

Rule Version

IIST-SV-000103

Severity

CAT II

CCI(s)

• CCI-001464 - The information system initiates session audits at system start-up.
• CCI-000139 - The information system alerts designated organization-defined personnel or roles in the event of an audit processing failure.
• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

Open the IIS 10.0 Manager.

Click the IIS 10.0 server name.

Click the "Logging" icon.

Under Log Event Destination, select the "Both log file and ETW event" radio button.

Under the "Actions" pane, click "Apply".

Check Contents

Open the IIS 10.0 Manager.

Click the IIS 10.0 server name.

Click the "Logging" icon.

Under Log Event Destination, verify the "Both log file and ETW event" radio button is selected.

If the "Both log file and ETW event" radio button is not selected, this is a finding.

Vulnerability Number

V-218786

Documentable

False

Rule Version

IIST-SV-000103

Severity Override Guidance

Open the IIS 10.0 Manager.

Click the IIS 10.0 server name.

Click the "Logging" icon.

Under Log Event Destination, verify the "Both log file and ETW event" radio button is selected.

If the "Both log file and ETW event" radio button is not selected, this is a finding.

Check Content Reference

M

Target Key

4052

Comments