SV-218743r558649_rule
V-218743
SRG-APP-000141-WSR-000081
IIST-SI-000214
CAT II
10
Follow the procedures below for each site hosted on the IIS 10.0 web server:
Open the IIS 10.0 Manager.
Click on the IIS 10.0 site.
Under IIS, double-click the “MIME Types” icon.
From the "Group by:" drop-down list, select "Content Type".
From the list of extensions under "Application", remove MIME types for OS shell program extensions, to include at a minimum, the following extensions:
.exe
.dll
.com
.bat
.csh
Select "Apply" from the "Actions" pane.
Follow the procedures below for each site hosted on the IIS 10.0 web server:
Open the IIS 10.0 Manager.
Click on the IIS 10.0 site.
Under IIS, double-click the “MIME Types” icon.
From the "Group by:" drop-down list, select "Content Type".
From the list of extensions under "Application", verify MIME types for OS shell program extensions have been removed, to include at a minimum, the following extensions:
.exe
.dll
.com
.bat
.csh
If any OS shell MIME types are configured, this is a finding.
V-218743
False
IIST-SI-000214
Follow the procedures below for each site hosted on the IIS 10.0 web server:
Open the IIS 10.0 Manager.
Click on the IIS 10.0 site.
Under IIS, double-click the “MIME Types” icon.
From the "Group by:" drop-down list, select "Content Type".
From the list of extensions under "Application", verify MIME types for OS shell program extensions have been removed, to include at a minimum, the following extensions:
.exe
.dll
.com
.bat
.csh
If any OS shell MIME types are configured, this is a finding.
M
4051