STIGQter STIGQter: STIG Summary: Microsoft IIS 8.5 Site Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The IIS 8.5 website must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 8.5 website events.

DISA Rule

SV-214451r508659_rule

Vulnerability Number

V-214451

Group Title

SRG-APP-000099-WSR-000061

Rule Version

IISW-SI-000209

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Select the website being reviewed.

Under "IIS", double-click the "Logging" icon.

Configure the "Format:" under "Log File" to "W3C".

Select the "Fields" button.

Under "Custom Fields", select the following fields:

Request Header >> Connection

Request Header >> Warning

Click "OK".

Select "Apply" from the "Actions" pane.

Check Contents

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Select the website being reviewed.

Under "IIS", double-click the "Logging" icon.

Verify the "Format:" under "Log File" is configured to "W3C".

Select the "Fields" button.

Under "Custom Fields", verify the following fields are selected:

Request Header >> Connection

Request Header >> Warning

If any of the above fields are not selected, this is a finding.

Vulnerability Number

V-214451

Documentable

False

Rule Version

IISW-SI-000209

Severity Override Guidance

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Select the website being reviewed.

Under "IIS", double-click the "Logging" icon.

Verify the "Format:" under "Log File" is configured to "W3C".

Select the "Fields" button.

Under "Custom Fields", verify the following fields are selected:

Request Header >> Connection

Request Header >> Warning

If any of the above fields are not selected, this is a finding.

Check Content Reference

M

Target Key

4001

Comments