STIGQter STIGQter: STIG Summary: Microsoft IIS 10.0 Site Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

Both the log file and Event Tracing for Windows (ETW) for each IIS 10.0 website must be enabled.

DISA Rule

SV-218739r558649_rule

Vulnerability Number

V-218739

Group Title

SRG-APP-000092-WSR-000055

Rule Version

IIST-SI-000206

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Note: "Microsoft-IIS-Logging/logs" must be enabled prior to configuring this setting.

Follow the procedures below for each site hosted on the IIS 10.0 web server:

Open the IIS 10.0 Manager.

Click the site name.

Click the "Logging" icon.

Under Log Event Destination, select the "Both log file and ETW event" radio button.

Select "Apply" from the "Actions" pane.

Check Contents

Follow the procedures below for each site hosted on the IIS 10.0 web server:

Open the IIS 10.0 Manager.

Click the site name.

Click the "Logging" icon.

Under Log Event Destination, verify the "Both log file and ETW event" radio button is selected.

If the "Both log file and ETW event" radio button is not selected, this is a finding.

Note: "Microsoft-IIS-Logging/logs" must be enabled prior to configuring this setting. More configuration information is available at:
https://blogs.intelink.gov/blogs/_disairrt/?p=1317

Vulnerability Number

V-218739

Documentable

False

Rule Version

IIST-SI-000206

Severity Override Guidance

Follow the procedures below for each site hosted on the IIS 10.0 web server:

Open the IIS 10.0 Manager.

Click the site name.

Click the "Logging" icon.

Under Log Event Destination, verify the "Both log file and ETW event" radio button is selected.

If the "Both log file and ETW event" radio button is not selected, this is a finding.

Note: "Microsoft-IIS-Logging/logs" must be enabled prior to configuring this setting. More configuration information is available at:
https://blogs.intelink.gov/blogs/_disairrt/?p=1317

Check Content Reference

M

Target Key

4051

Comments