STIGQter: STIG Summary: Microsoft IIS 8.5 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The IIS 8.5 web server must only contain functions necessary for operation.

DISA Rule

SV-214408r508658_rule

Vulnerability Number

V-214408

Group Title

SRG-APP-000141-WSR-000075

Rule Version

IISW-SV-000118

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Remove all unapproved programs and roles from the production IIS 8.5 web server.

Check Contents

Click on “Start”.

Open Control Panel.

Click on “Programs”.

Click on “Programs and Features”.

Review the installed programs, if any programs are installed other than those required for the IIS 8.5 web services, this is a finding.

Note: If additional software is needed supporting documentation must be signed by the ISSO.

Vulnerability Number

V-214408

Documentable

False

Rule Version

IISW-SV-000118

Severity Override Guidance

Click on “Start”.

Open Control Panel.

Click on “Programs”.

Click on “Programs and Features”.

Review the installed programs, if any programs are installed other than those required for the IIS 8.5 web services, this is a finding.

Note: If additional software is needed supporting documentation must be signed by the ISSO.

Check Content Reference

M

Target Key

4000

Comments