STIGQter: STIG Summary: Microsoft IIS 8.5 Site Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The IIS 8.5 website document directory must be in a separate partition from the IIS 8.5 websites system files.

DISA Rule

SV-214463r508659_rule

Vulnerability Number

V-214463

Group Title

SRG-APP-000233-WSR-000146

Rule Version

IISW-SI-000224

Severity

CAT II

CCI(s)

• CCI-001084 - The information system isolates security functions from nonsecurity functions.

Weight

10

Fix Recommendation

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.

Click the site name under review.

Click the “Advanced Settings” from the "Actions" pane.

Change the Physical Path to the new partition and directory location.

Check Contents

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.

Click the site name under review.

Click the "Advanced Settings" from the "Actions" pane.

Review the Physical Path.

If the Path is on the same partition as the OS, this is a finding.

Vulnerability Number

V-214463

Documentable

False

Rule Version

IISW-SI-000224

Severity Override Guidance

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.

Click the site name under review.

Click the "Advanced Settings" from the "Actions" pane.

Review the Physical Path.

If the Path is on the same partition as the OS, this is a finding.

Check Content Reference

M

Target Key

4001

Comments