STIGQter STIGQter: STIG Summary: Microsoft IIS 8.5 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

An IIS Server configured to be a SMTP relay must require authentication.

DISA Rule

SV-228573r508658_rule

Vulnerability Number

V-228573

Group Title

SRG-APP-000141-WSR-000075

Rule Version

IISW-SV-000161

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the relay server with a specific allowed IP address, from the same network as the relay, and implement TLS.

Check Contents

Interview the System Administrator about the role of the IIS 8.5 web server.

If the IIS 8.5 web server is running SMTP relay services, have the SA provide supporting documentation on how the server is hardened. A DoD-issued certificate, and specific allowed IP address should be configured.

If the IIS 8.5 web server is not running SMTP relay services, this is Not Applicable.

If the IIS web server running SMTP relay services without TLS enabled, this is a finding.

If the IIS web server running SMTP relay services is not configured to only allow a specific IP address, from the same network as the relay, this is a finding.

Vulnerability Number

V-228573

Documentable

False

Rule Version

IISW-SV-000161

Severity Override Guidance

Interview the System Administrator about the role of the IIS 8.5 web server.

If the IIS 8.5 web server is running SMTP relay services, have the SA provide supporting documentation on how the server is hardened. A DoD-issued certificate, and specific allowed IP address should be configured.

If the IIS 8.5 web server is not running SMTP relay services, this is Not Applicable.

If the IIS web server running SMTP relay services without TLS enabled, this is a finding.

If the IIS web server running SMTP relay services is not configured to only allow a specific IP address, from the same network as the relay, this is a finding.

Check Content Reference

M

Target Key

4000

Comments