STIGQter: STIG Summary: Microsoft IIS 10.0 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The IIS 10.0 web server must augment re-creation to a stable and known baseline.

DISA Rule

SV-218806r561041_rule

Vulnerability Number

V-218806

Group Title

SRG-APP-000225-WSR-000074

Rule Version

IIST-SV-000136

Severity

CAT II

CCI(s)

• CCI-001190 - The information system fails to an organization-defined known-state for organization-defined types of failures.

Weight

10

Fix Recommendation

Prepare documentation for disaster recovery methods for the IIS 10.0 web server in the event of the necessity for rollback.

Document and test the disaster recovery methods designed.

Check Contents

Interview the System Administrator for the IIS 10.0 web server.

Ask for documentation on the disaster recovery methods tested and planned for the IIS 10.0 web server in the event of the necessity for rollback.

If documentation for a disaster recovery has not been established, this is a finding.

Vulnerability Number

V-218806

Documentable

False

Rule Version

IIST-SV-000136

Severity Override Guidance

Interview the System Administrator for the IIS 10.0 web server.

Ask for documentation on the disaster recovery methods tested and planned for the IIS 10.0 web server in the event of the necessity for rollback.

If documentation for a disaster recovery has not been established, this is a finding.

Check Content Reference

M

Target Key

4052

Comments