STIGQter: STIG Summary: Microsoft IIS 10.0 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The IIS 10.0 web server must be reviewed on a regular basis to remove any Operating System features, utility programs, plug-ins, and modules not necessary for operation.

DISA Rule

SV-218797r561041_rule

Vulnerability Number

V-218797

Group Title

SRG-APP-000141-WSR-000080

Rule Version

IIST-SV-000123

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Remove all utility programs, Operating System features, or modules installed that are not necessary for web server operation.

Check Contents

Consult with the System Administrator and review all of the IIS 10.0 and Operating System features installed.

Determine if any features installed are no longer necessary for operation.

If any utility programs, features, or modules are installed which are not necessary for operation, this is a finding.

If any unnecessary Operating System features are installed, this is a finding.

Vulnerability Number

V-218797

Documentable

False

Rule Version

IIST-SV-000123

Severity Override Guidance

Consult with the System Administrator and review all of the IIS 10.0 and Operating System features installed.

Determine if any features installed are no longer necessary for operation.

If any utility programs, features, or modules are installed which are not necessary for operation, this is a finding.

If any unnecessary Operating System features are installed, this is a finding.

Check Content Reference

M

Target Key

4052

Comments