STIGQter: STIG Summary: Microsoft IIS 8.5 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The IIS 8.5 web server must be reviewed on a regular basis to remove any Operating System features, utility programs, plug-ins, and modules not necessary for operation.

DISA Rule

SV-214412r508658_rule

Vulnerability Number

V-214412

Group Title

SRG-APP-000141-WSR-000080

Rule Version

IISW-SV-000123

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Remove all utility programs, Operating System features or modules which are installed but are not necessary for web server operation.

Check Contents

Consult with the System Administrator and review all of the IIS 8.5 and Operating System features installed.

Determine if any are installed which are no longer necessary for operation.

If any utility programs, features or modules are installed which are not necessary for operation, this is a finding.

If any unnecessary Operating System features are installed, this is a finding.

Vulnerability Number

V-214412

Documentable

False

Rule Version

IISW-SV-000123

Severity Override Guidance

Consult with the System Administrator and review all of the IIS 8.5 and Operating System features installed.

Determine if any are installed which are no longer necessary for operation.

If any utility programs, features or modules are installed which are not necessary for operation, this is a finding.

If any unnecessary Operating System features are installed, this is a finding.

Check Content Reference

M

Target Key

4000

Comments