Detections
Analytics

CIS IIS 10 v1.2.0 Level 2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS IIS 10 v1.2.0 Level 2

Updated: 2/1/2024

Authority: CIS

Plugin: Windows

Revision: 1.2

Estimated Item Count: 30

File Details

Filename: CIS_MS_IIS_10_v1.2.0_Level_2.audit

Size: 107 kB

MD5: 51777bbc41312e9746ee2be7e1e8f5fd
SHA256: 261c0e8278f42146607581e75d13738bf63428cbcc96773cca36593ed5cfef89

Audit Items

DescriptionCategories
2.4 Ensure 'forms authentication' is set to use cookies - Application
2.4 Ensure 'forms authentication' is set to use cookies - Default
2.8 Ensure 'credentials' are not stored in configuration files - Applications
2.8 Ensure 'credentials' are not stored in configuration files - Default
3.2 Ensure 'debug' is turned off - Applications
3.2 Ensure 'debug' is turned off - Default
3.3 Ensure custom error messages are not off - Applications
3.3 Ensure custom error messages are not off - Default
3.5 Ensure ASP.NET stack tracing is not enabled - Applications
3.5 Ensure ASP.NET stack tracing is not enabled - Default
3.6 Ensure 'httpcookie' mode is configured for session state - Applications
3.6 Ensure 'httpcookie' mode is configured for session state - Default
3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Applications
3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Default
3.11 Ensure X-Powered-By Header is removed - Applications
3.11 Ensure X-Powered-By Header is removed - Default
3.12 Ensure Server Header is removed - Applications
3.12 Ensure Server Header is removed - Default
4.1 Ensure 'maxAllowedContentLength' is configured - Applications
4.1 Ensure 'maxAllowedContentLength' is configured - Default
4.2 Ensure 'maxURL request filter' is configured - Applications
4.2 Ensure 'maxURL request filter' is configured - Default
4.3 Ensure 'MaxQueryString request filter' is configured - Applications
4.3 Ensure 'MaxQueryString request filter' is configured - Default
4.4 Ensure non-ASCII characters in URLs are not allowed - Applications
4.4 Ensure non-ASCII characters in URLs are not allowed - Default
7.1 Ensure HSTS Header is set - Server
7.1 Ensure HSTS Header is set - Sites
7.12 Ensure TLS Cipher Suite ordering is Configured
CIS_MS_IIS_10_v1.2.0_Level_2.audit from CIS Microsoft IIS 10 Benchmark v1.2.0