STIGQter: STIG Summary: Microsoft IIS 8.5 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

A web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.

DISA Rule

SV-214437r508658_rule

Vulnerability Number

V-214437

Group Title

SRG-APP-000439-WSR-000156

Rule Version

IISW-SV-000154

Severity

CAT II

CCI(s)

• CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.

Weight

10

Fix Recommendation

Configure the web server to use an approved TLS version according to NIST SP 800-52 and to disable all non-approved versions.

Check Contents

Review the web server documentation and deployed configuration to determine which version of TLS is being used.

If the TLS version is not TLS 1.2 or higher, according to NIST SP 800-52, or if non-FIPS-approved algorithms are enabled, this is a finding.

Vulnerability Number

V-214437

Documentable

False

Rule Version

IISW-SV-000154

Severity Override Guidance

Review the web server documentation and deployed configuration to determine which version of TLS is being used.

If the TLS version is not TLS 1.2 or higher, according to NIST SP 800-52, or if non-FIPS-approved algorithms are enabled, this is a finding.

Check Content Reference

M

Target Key

4000

Comments