STIGQter: STIG Summary: Microsoft IIS 8.5 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

Both the log file and Event Tracing for Windows (ETW) for the IIS 8.5 web server must be enabled.

DISA Rule

SV-214401r508658_rule

Vulnerability Number

V-214401

Group Title

SRG-APP-000092-WSR-000055

Rule Version

IISW-SV-000103

Severity

CAT II

CCI(s)

• CCI-001464 - The information system initiates session audits at system start-up.
• CCI-000139 - The information system alerts designated organization-defined personnel or roles in the event of an audit processing failure.
• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

Open the IIS 8.5 Manager.

Click the IIS 8.5 server name.

Click the "Logging" icon.

Under Log Event Destination, select the "Both log file and ETW event" radio button.

Under the "Actions" pane, click "Apply".

Check Contents

Open the IIS 8.5 Manager.

Click the IIS 8.5 server name.

Click the "Logging" icon.

Under Log Event Destination, verify the "Both log file and ETW event" radio button is selected.

If the "Both log file and ETW event" radio button is not selected, this is a finding.

Vulnerability Number

V-214401

Documentable

False

Rule Version

IISW-SV-000103

Severity Override Guidance

Open the IIS 8.5 Manager.

Click the IIS 8.5 server name.

Click the "Logging" icon.

Under Log Event Destination, verify the "Both log file and ETW event" radio button is selected.

If the "Both log file and ETW event" radio button is not selected, this is a finding.

Check Content Reference

M

Target Key

4000

Comments