STIGQter: STIG Summary: Microsoft IIS 10.0 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

IIS 10.0 Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.

DISA Rule

SV-218802r561041_rule

Vulnerability Number

V-218802

Group Title

SRG-APP-000211-WSR-000030

Rule Version

IIST-SV-000131

Severity

CAT I

CCI(s)

• CCI-001082 - The information system separates user functionality (including user interface services) from information system management functionality.

Weight

10

Fix Recommendation

Ensure non-administrators are not allowed access to the directory tree, the shell, or other operating system functions and utilities.

All non-administrator access to shell scripts and operating system functions must be mission essential and documented.

Check Contents

Obtain a list of the user accounts with access to the system, including all local and domain accounts.

Review the privileges to the web server for each account.

Verify with the system administrator or the ISSO that all privileged accounts are mission essential and documented.

Verify with the system administrator or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented.

If undocumented privileged accounts are found, this is a finding.

If undocumented non-administrator access to shell scripts and operating system functions are found, this is a finding.

If this IIS 10 installation is supporting Microsoft Exchange, and not otherwise hosting any content, this requirement is Not Applicable.

Vulnerability Number

V-218802

Documentable

False

Rule Version

IIST-SV-000131

Severity Override Guidance

Obtain a list of the user accounts with access to the system, including all local and domain accounts.

Review the privileges to the web server for each account.

Verify with the system administrator or the ISSO that all privileged accounts are mission essential and documented.

Verify with the system administrator or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented.

If undocumented privileged accounts are found, this is a finding.

If undocumented non-administrator access to shell scripts and operating system functions are found, this is a finding.

If this IIS 10 installation is supporting Microsoft Exchange, and not otherwise hosting any content, this requirement is Not Applicable.

Check Content Reference

M

Target Key

4052

Comments