STIGQter: STIG Summary: Microsoft IIS 10.0 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events.

DISA Rule

SV-218785r561041_rule

Vulnerability Number

V-218785

Group Title

SRG-APP-000092-WSR-000055

Rule Version

IIST-SV-000102

Severity

CAT II

CCI(s)

• CCI-001462 - The information system provides the capability for authorized users to capture/record and log content related to a user session.
• CCI-001464 - The information system initiates session audits at system start-up.
• CCI-000130 - The information system generates audit records containing information that establishes what type of event occurred.
• CCI-000131 - The information system generates audit records containing information that establishes when an event occurred.
• CCI-000132 - The information system generates audit records containing information that establishes where the event occurred.
• CCI-000133 - The information system generates audit records containing information that establishes the source of the event.

Weight

10

Fix Recommendation

Open the IIS 10.0 Manager.

Click the IIS 10.0 web server name.

Click the "Logging" icon.

Under Format select "W3C".

Select the following fields: Date, Time, Client IP Address, User Name, Method, URI Query, Protocol Status, and Referrer.

Under the "Actions" pane, click "Apply".

Check Contents

Open the IIS 10.0 Manager.

Click the IIS 10.0 web server name.

Click the "Logging" icon.

Under Format select "W3C".

Click "Select Fields", verify at a minimum the following fields are checked: Date, Time, Client IP Address, User Name, Method, URI Query, Protocol Status, and Referrer.

If not, this is a finding.

Vulnerability Number

V-218785

Documentable

False

Rule Version

IIST-SV-000102

Severity Override Guidance

Open the IIS 10.0 Manager.

Click the IIS 10.0 web server name.

Click the "Logging" icon.

Under Format select "W3C".

Click "Select Fields", verify at a minimum the following fields are checked: Date, Time, Client IP Address, User Name, Method, URI Query, Protocol Status, and Referrer.

If not, this is a finding.

Check Content Reference

M

Target Key

4052

Comments