STIGQter: STIG Summary: Microsoft IIS 8.5 Site Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session.

DISA Rule

SV-214448r508659_rule

Vulnerability Number

V-214448

Group Title

SRG-APP-000092-WSR-000055

Rule Version

IISW-SI-000205

Severity

CAT II

CCI(s)

CCI-001462 - The information system provides the capability for authorized users to capture/record and log content related to a user session.
CCI-001464 - The information system initiates session audits at system start-up.

Weight

Fix Recommendation

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.

Click the site name.

Click the "Logging" icon.

Under Format select "W3C".

Select the following fields: Date, Time, Client IP Address, User Name, Method, URI Query, Protocol Status, and Referrer.

Select "Apply" from the "Actions" pane.

Check Contents

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.

Click the site name.

Click the "Logging" icon.

Under Format select "W3C".

Click “Select Fields”, verify at a minimum the following fields are checked: Date, Time, Client IP Address, User Name, Method, URI Query, Protocol Status, and Referrer.

If the "W3C" is not selected as the logging format OR any of the required fields are not selected, this is a finding.

The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments