STIGQter: STIG Summary: Microsoft IIS 8.5 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The enhanced logging for the IIS 8.5 web server must be enabled and capture all user and web server events.

DISA Rule

SV-214400r508658_rule

Vulnerability Number

V-214400

Group Title

SRG-APP-000092-WSR-000055

Rule Version

IISW-SV-000102

Severity

CAT II

CCI(s)

• CCI-001462 - The information system provides the capability for authorized users to capture/record and log content related to a user session.
• CCI-001464 - The information system initiates session audits at system start-up.
• CCI-000130 - The information system generates audit records containing information that establishes what type of event occurred.
• CCI-000131 - The information system generates audit records containing information that establishes when an event occurred.
• CCI-000132 - The information system generates audit records containing information that establishes where the event occurred.
• CCI-000133 - The information system generates audit records containing information that establishes the source of the event.

Weight

10

Fix Recommendation

Open the IIS 8.5 Manager.

Click the IIS 8.5 web server name.

Click the "Logging" icon.

Under Format select "W3C".

Select the following fields: Date, Time, Client IP Address, User Name, Method, URI Query, Protocol Status, and Referrer.

Under the "Actions" pane, click "Apply".

Check Contents

Open the IIS 8.5 Manager.

Click the IIS 8.5 web server name.

Click the "Logging" icon.

Under Format select "W3C".

Click "Select Fields", verify at a minimum the following fields are checked: Date, Time, Client IP Address, User Name, Method, URI Query, Protocol Status, and Referrer.

If not, this is a finding.

Vulnerability Number

V-214400

Documentable

False

Rule Version

IISW-SV-000102

Severity Override Guidance

Open the IIS 8.5 Manager.

Click the IIS 8.5 web server name.

Click the "Logging" icon.

Under Format select "W3C".

Click "Select Fields", verify at a minimum the following fields are checked: Date, Time, Client IP Address, User Name, Method, URI Query, Protocol Status, and Referrer.

If not, this is a finding.

Check Content Reference

M

Target Key

4000

Comments