STIGQter STIGQter: STIG Summary: IIS 8.5 Site Security Technical Implementation Guide Version: 1 Release: 9 Benchmark Date: 25 Oct 2019: The log information from the IIS 8.5 website must be protected from unauthorized modification or deletion.

DISA Rule

SV-91491r4_rule

Vulnerability Number

V-76795

Group Title

SRG-APP-000120-WSR-000070

Rule Version

IISW-SI-000213

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.

Click the site name.

Click the "Logging" icon.

Click "Browse" and navigate to the directory where the log files are stored.

Right-click the log file name to review and click “Properties”.

Click the “Security” tab.

Set the log file permissions for the appropriate group.

Check Contents

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.
Click the site name.
Click the "Logging" icon.
Click "Browse" and navigate to the directory where the log files are stored.
Right-click the log file name to review and click “Properties”.
Click the “Security” tab.
Verify only authorized groups are listed, if others are listed, this is a finding.

Note: The log file should be restricted as follows:
Auditors - Full Control
SYSTEM - Full Control
Administrators - Full Control
Web Managers - Read

Vulnerability Number

V-76795

Documentable

False

Rule Version

IISW-SI-000213

Severity Override Guidance

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.
Click the site name.
Click the "Logging" icon.
Click "Browse" and navigate to the directory where the log files are stored.
Right-click the log file name to review and click “Properties”.
Click the “Security” tab.
Verify only authorized groups are listed, if others are listed, this is a finding.

Note: The log file should be restricted as follows:
Auditors - Full Control
SYSTEM - Full Control
Administrators - Full Control
Web Managers - Read

Check Content Reference

M

Target Key

2791

Comments