STIGQter: STIG Summary: Microsoft IIS 10.0 Site Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Microsoft IIS 10.0 Site Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:SV-218742r558649_rule
V-218742
SRG-APP-000100-WSR-000064
IIST-SI-000210
CAT II
10
Follow the procedures below for each site hosted on the IIS 10.0 web server:
Access the IIS 10.0 web server IIS 10.0 Manager.
Select the website being reviewed.
Under "IIS", double-click the "Logging" icon.
Configure the "Format:" under "Log File" to "W3C".
Select "Fields".
Under "Standard Fields", select "User Agent", "User Name", and "Referrer".
Under "Custom Fields", select the following fields:
Request Header >> Authorization
Response Header >> Content-Type
Click "OK".
Select "Apply" from the "Actions" pane.
Follow the procedures below for each site hosted on the IIS 10.0 web server:
Access the IIS 10.0 web server IIS 10.0 Manager.
Under "IIS", double-click the "Logging" icon.
Verify the "Format:" under "Log File" is configured to "W3C".
Select "Fields".
Under "Standard Fields", verify "User Agent", "User Name", and "Referrer" are selected.
Under "Custom Fields", verify the following fields have been configured:
Request Header >> Authorization
Response Header >> Content-Type
If any of the above fields are not selected, this is a finding.
V-218742
False
IIST-SI-000210
Follow the procedures below for each site hosted on the IIS 10.0 web server:
Access the IIS 10.0 web server IIS 10.0 Manager.
Under "IIS", double-click the "Logging" icon.
Verify the "Format:" under "Log File" is configured to "W3C".
Select "Fields".
Under "Standard Fields", verify "User Agent", "User Name", and "Referrer" are selected.
Under "Custom Fields", verify the following fields have been configured:
Request Header >> Authorization
Response Header >> Content-Type
If any of the above fields are not selected, this is a finding.
M
4051