STIGQter: STIG Summary: Microsoft IIS 10.0 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021

The IIS 10.0 web server must maintain the confidentiality of controlled information during transmission through the use of an approved Transport Layer Security (TLS) version.

DISA Rule

SV-218822r561041_rule

Vulnerability Number

V-218822

Group Title

SRG-APP-000439-WSR-000156

Rule Version

IIST-SV-000154

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the web server to use an approved TLS version according to NIST SP 800-52 and to disable all non-approved versions.

Check Contents

Review the web server documentation and deployed configuration to determine which version of TLS is being used.

If the TLS version is not TLS 1.2 or higher, according to NIST SP 800-52, or if non-FIPS-approved algorithms are enabled, this is a finding.
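
One way to review the deployed configuration for this check, as an added example that is not part of the STIG text. It assumes the protocol versions are controlled through the standard Windows Schannel registry keys, and it covers only the TLS-version half of the check, not the FIPS-approved algorithm half.

```powershell
# Added example (not from the STIG text): read-only audit of the Schannel
# server-side protocol settings on the IIS host. Run from an elevated prompt.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# $true = version is allowed by the check (TLS 1.2 or higher), $false = must be off.
$policy = [ordered]@{
    'SSL 2.0' = $false
    'SSL 3.0' = $false
    'TLS 1.0' = $false
    'TLS 1.1' = $false
    'TLS 1.2' = $true
}

$report = foreach ($proto in $policy.Keys) {
    $key   = Join-Path $base "$proto\Server"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # Missing key or value: the OS default applies and varies by Windows
    # release, so it is reported as unset rather than guessed.
    $enabled = if ($props -and $null -ne $props.Enabled) { $props.Enabled -ne 0 } else { $null }
    $dbd     = if ($props -and $null -ne $props.DisabledByDefault) { $props.DisabledByDefault -ne 0 } else { $null }

    $status = if ($policy[$proto]) {
        if ($enabled -eq $false) { 'FINDING: approved version disabled' } else { 'OK' }
    } elseif ($enabled -eq $false) {
        'OK'
    } elseif ($null -eq $enabled) {
        'REVIEW: not explicitly disabled, OS default applies'
    } else {
        'FINDING: non-approved version enabled'
    }

    [pscustomobject]@{
        Protocol          = $proto
        Enabled           = $enabled
        DisabledByDefault = $dbd
        Status            = $status
    }
}

$report | Format-Table -AutoSize
```

A `REVIEW` row means the registry does not state the setting, so the reviewer has to confirm the default for the installed Windows release before closing the check.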

Documentable

False

Severity Override Guidance

Review the web server documentation and deployed configuration to determine which version of TLS is being used.

If the TLS version is not TLS 1.2 or higher, according to NIST SP 800-52, or if non-FIPS-approved algorithms are enabled, this is a finding.

Check Content Reference

M

Target Key

4052
