STIGQter STIGQter: STIG Summary: IIS 8.5 Site Security Technical Implementation Guide Version: 1 Release: 9 Benchmark Date: 25 Oct 2019: The IIS 8.5 websites must utilize ports, protocols, and services according to PPSM guidelines.

DISA Rule

SV-91543r1_rule

Vulnerability Number

V-76847

Group Title

SRG-APP-000383-WSR-000175

Rule Version

IISW-SI-000239

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.

Click the site name under review.

In the “Action” Pane, click “Bindings".

Edit to change an existing binding and set the correct ports and protocol.

Check Contents

Review the website to determine if HTTP and HTTPs (e.g., 80 and 443) are used in accordance with those ports and services registered and approved for use by the DoD PPSM. Any variation in PPS will be documented, registered, and approved by the PPSM.

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.

Click the site name under review.

In the “Action” Pane, click “Bindings”.

Review the ports and protocols. If unknown ports or protocols are used, then this is a finding.

Vulnerability Number

V-76847

Documentable

False

Rule Version

IISW-SI-000239

Severity Override Guidance

Review the website to determine if HTTP and HTTPs (e.g., 80 and 443) are used in accordance with those ports and services registered and approved for use by the DoD PPSM. Any variation in PPS will be documented, registered, and approved by the PPSM.

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.

Click the site name under review.

In the “Action” Pane, click “Bindings”.

Review the ports and protocols. If unknown ports or protocols are used, then this is a finding.

Check Content Reference

M

Target Key

2791

Comments