Detections
Analytics

CIS IIS 8.0 v1.5.0 Level 2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS IIS 8.0 v1.5.0 Level 2

Updated: 10/17/2023

Authority: CIS

Plugin: Windows

Revision: 1.16

Estimated Item Count: 33

File Details

Filename: CIS_v1.5.0_MS_IIS_8_Level_2.audit

Size: 67.9 kB

MD5: 2101e7131a27a4681a535a3f969f7711
SHA256: 75721adead7310f3540c943248502def0da1e9546b3e4479a2a257f5ea3fa7ad

Audit Items

DescriptionCategories
2.4 Ensure 'forms authentication' is set to use cookies - Applications
2.4 Ensure 'forms authentication' is set to use cookies - Default
2.4 Ensure 'forms authentication' is set to use cookies - Not Enabled
2.8 Ensure 'credentials' are not stored in configuration files - Applications
2.8 Ensure 'credentials' are not stored in configuration files - Default
3.2 Ensure 'debug' is turned off
3.2 Ensure 'debug' is turned off - Applications
3.2 Ensure 'debug' is turned off - Default
3.3 Ensure Custom Error Messages are not Off
3.3 Ensure Custom Error Messages are not Off - Applications
3.3 Ensure Custom Error Messages are not Off - Default
3.5 Ensure ASP.NET stack tracing is not enabled
3.5 Ensure ASP.NET stack tracing is not enabled - Applications
3.5 Ensure ASP.NET stack tracing is not enabled - Default
3.6 Ensure 'httpcookie' mode is configured for session state
3.6 Ensure 'httpcookie' mode is configured for session state - Applications
3.6 Ensure 'httpcookie' mode is configured for session state - Default
3.7 Ensure 'cookies' are set with HttpOnly attribute
3.7 Ensure 'cookies' are set with HttpOnly attribute - Applications
3.7 Ensure 'cookies' are set with HttpOnly attribute - Default
3.11 Ensure 'encryption providers' are locked down
4.1 Ensure 'maxAllowedContentLength' is configured - Applications
4.1 Ensure 'maxAllowedContentLength' is configured - Default
4.2 Ensure 'maxURL request filter' is configured - Applications
4.2 Ensure 'maxURL request filter' is configured - Default
4.3 Ensure 'MaxQueryString request filter' is configured - Applications
4.3 Ensure 'MaxQueryString request filter' is configured - Default
4.4 Ensure non-ASCII characters in URLs are not allowed - Applications
4.4 Ensure non-ASCII characters in URLs are not allowed - Default
7.1 Ensure HSTS Header is set
7.4 Ensure TLS 1.0 is disabled
7.14 Ensure TLS Cipher Suite ordering is configured
CIS Microsoft IIS 8 Benchmark v1.5.0 Level 2