Detections
Analytics

CIS IIS 10 v1.1.1 Level 2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS IIS 10 v1.1.1 Level 2

Updated: 4/12/2023

Authority: Operating Systems and Applications

Plugin: Windows

Revision: 1.12

Estimated Item Count: 30

Audit Items

DescriptionCategories
2.4 Ensure 'forms authentication' is set to use cookies - Application
2.4 Ensure 'forms authentication' is set to use cookies - Default
2.8 Ensure 'credentials' are not stored in configuration files - Applications
2.8 Ensure 'credentials' are not stored in configuration files - Default
3.2 Ensure 'debug' is turned off - Applications
3.2 Ensure 'debug' is turned off - Default
3.3 Ensure custom error messages are not off - Applications
3.3 Ensure custom error messages are not off - Default
3.5 Ensure ASP.NET stack tracing is not enabled - Applications
3.5 Ensure ASP.NET stack tracing is not enabled - Default
3.6 Ensure 'httpcookie' mode is configured for session state - Applications
3.6 Ensure 'httpcookie' mode is configured for session state - Default
3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Applications
3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Default
3.11 Ensure X-Powered-By Header is removed - Applications
3.11 Ensure X-Powered-By Header is removed - Default
3.12 Ensure Server Header is removed - Applications
3.12 Ensure Server Header is removed - Default
4.1 Ensure 'maxAllowedContentLength' is configured - Applications
4.1 Ensure 'maxAllowedContentLength' is configured - Default
4.2 Ensure 'maxURL request filter' is configured - Applications
4.2 Ensure 'maxURL request filter' is configured - Default
4.3 Ensure 'MaxQueryString request filter' is configured - Applications
4.3 Ensure 'MaxQueryString request filter' is configured - Default
4.4 Ensure non-ASCII characters in URLs are not allowed - Applications
4.4 Ensure non-ASCII characters in URLs are not allowed - Default
7.1 Ensure HSTS Header is set - Server
7.1 Ensure HSTS Header is set - Sites
7.12 Ensure TLS Cipher Suite ordering is Configured
CIS_v1.1.1_MS_IIS_10_Level_2.audit from CIS Microsoft IIS 10 Benchmark v1.1.1