STIGQter: STIG Summary: Windows 10 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

Internet Information System (IIS) or its subcomponents must not be installed on a workstation.

DISA Rule

SV-220718r569187_rule

Vulnerability Number

V-220718

Group Title

SRG-OS-000095-GPOS-00049

Rule Version

WN10-00-000100

Severity

CAT I

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Uninstall "Internet Information Services" or "Internet Information Services Hostable Web Core" from the system.

Check Contents

IIS is not installed by default. Verify it has not been installed on the system.

Run "Programs and Features".
Select "Turn Windows features on or off".

If the entries for "Internet Information Services" or "Internet Information Services Hostable Web Core" are selected, this is a finding.

If an application requires IIS or a subset to be installed to function, this needs be documented with the ISSO. In addition, any applicable requirements from the IIS STIG must be addressed.

Vulnerability Number

V-220718

Documentable

False

Rule Version

WN10-00-000100

Severity Override Guidance

IIS is not installed by default. Verify it has not been installed on the system.

Run "Programs and Features".
Select "Turn Windows features on or off".

If the entries for "Internet Information Services" or "Internet Information Services Hostable Web Core" are selected, this is a finding.

If an application requires IIS or a subset to be installed to function, this needs be documented with the ISSO. In addition, any applicable requirements from the IIS STIG must be addressed.

Check Content Reference

M

Target Key

4072

Comments