STIGQter STIGQter: STIG Summary: IIS 8.5 Server Security Technical Implementation Guide Version: 1 Release: 9 Benchmark Date: 25 Oct 2019: The IIS 8.5 web server must have a global authorization rule configured to restrict access.

DISA Rule

SV-91467r2_rule

Vulnerability Number

V-76771

Group Title

SRG-APP-000516-WSR-000174

Rule Version

IISW-SV-000159

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open the IIS 8.5 Manager.

Click the IIS 8.5 web server name.

Double-click the “Authorization Rules” icon.

Remove all users other than “Administrator”.

Check Contents

Open the IIS 8.5 Manager.

Click the IIS 8.5 web server name.

Double-click the “Authorization Rules” icon.

If any user other than “Administrator” is listed, this is a finding.

Vulnerability Number

V-76771

Documentable

False

Rule Version

IISW-SV-000159

Severity Override Guidance

Open the IIS 8.5 Manager.

Click the IIS 8.5 web server name.

Double-click the “Authorization Rules” icon.

If any user other than “Administrator” is listed, this is a finding.

Check Content Reference

M

Target Key

2793

Comments