CIS IIS 8.0 v1.5.1 Level 1

Audit Details

Name: CIS IIS 8.0 v1.5.1 Level 1

Updated: 10/17/2023

Authority: CIS

Plugin: Windows

Revision: 1.0

Estimated Item Count: 48

File Details

Filename: CIS_v1.5.1_MS_IIS_8_Level_1.audit

Size: 150 kB

MD5: 2aedf1c28410e889fd646d1332f8c138
SHA256: d4e46e9fc5c7080bd42ae24cc73f7046c5b0bbd2280458addaa9cd28d470f5b0

Audit Items

Description / Categories
1.1 Ensure web content is on non-system partition

CONFIGURATION MANAGEMENT

1.2 Ensure 'host headers' are on all sites

CONFIGURATION MANAGEMENT

1.3 Ensure 'directory browsing' is set to disabled

CONFIGURATION MANAGEMENT

1.4 Ensure 'application pool identity' is configured for all application pools

ACCESS CONTROL

1.5 Ensure 'unique application pools' is set for sites

SYSTEM AND COMMUNICATIONS PROTECTION

1.6 Ensure 'application pool identity' is configured for anonymous user identity

CONFIGURATION MANAGEMENT

2.1 Ensure 'global authorization rule' is set to restrict access

ACCESS CONTROL

2.2 Ensure access to sensitive site features is restricted to authenticated principals only

ACCESS CONTROL

2.3 Ensure 'forms authentication' require SSL

SYSTEM AND COMMUNICATIONS PROTECTION

2.5 Ensure 'cookie protection mode' is configured for forms authentication

SYSTEM AND COMMUNICATIONS PROTECTION

2.6 Ensure transport layer security for 'basic authentication' is configured

IDENTIFICATION AND AUTHENTICATION

2.7 Ensure 'passwordFormat' is not set to clear

IDENTIFICATION AND AUTHENTICATION

3.1 Ensure 'deployment method retail' is set

CONFIGURATION MANAGEMENT

3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely

SYSTEM AND INFORMATION INTEGRITY

3.7 Ensure 'cookies' are set with HttpOnly attribute

ACCESS CONTROL

3.9 Ensure 'MachineKey validation method - .Net 4.5' is configured

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Ensure global .NET trust level is configured

ACCESS CONTROL

4.5 Ensure Double-Encoded requests will be rejected

CONFIGURATION MANAGEMENT

4.6 Ensure 'HTTP Trace Method' is disabled

CONFIGURATION MANAGEMENT

4.7 Ensure Unlisted File Extensions are not allowed

CONFIGURATION MANAGEMENT

4.8 Ensure Handler is not granted Write and Script/Execute

ACCESS CONTROL

4.9 Ensure 'notListedIsapisAllowed' is set to false

SYSTEM AND COMMUNICATIONS PROTECTION

4.10 Ensure 'notListedCgisAllowed' is set to false

SYSTEM AND COMMUNICATIONS PROTECTION

4.11 Ensure 'Dynamic IP Address Restrictions' is enabled

SYSTEM AND COMMUNICATIONS PROTECTION

5.1 Ensure Default IIS web log location is moved

AUDIT AND ACCOUNTABILITY

5.2 Ensure Advanced IIS logging is enabled

AUDIT AND ACCOUNTABILITY

5.3 Ensure 'ETW Logging' is enabled

AUDIT AND ACCOUNTABILITY

5.3 Ensure 'ETW Logging' is enabled - Default ETW

AUDIT AND ACCOUNTABILITY

5.3 Ensure 'ETW Logging' is enabled - Default W3C

AUDIT AND ACCOUNTABILITY

5.3 Ensure 'ETW Logging' is enabled - Sites logFormat W3C

AUDIT AND ACCOUNTABILITY

5.3 Ensure 'ETW Logging' is enabled - Sites logFormat W3C with ETW target

AUDIT AND ACCOUNTABILITY

6.1 Ensure FTP requests are encrypted

SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure FTP Logon attempt restrictions is enabled
6.2 Ensure FTP Logon attempt restrictions is enabled - Deny By Failure Enabled

SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure FTP Logon attempt restrictions is enabled - Deny IP Address

AUDIT AND ACCOUNTABILITY

7.2 Ensure SSLv2 is disabled

SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure SSLv3 is disabled

SYSTEM AND COMMUNICATIONS PROTECTION

7.5 Ensure TLS 1.1 is enabled

SYSTEM AND COMMUNICATIONS PROTECTION

7.6 Ensure TLS 1.2 is enabled

SYSTEM AND COMMUNICATIONS PROTECTION

7.7 Ensure NULL Cipher Suites is disabled

SYSTEM AND COMMUNICATIONS PROTECTION

7.8 Ensure DES Cipher Suites is disabled

SYSTEM AND COMMUNICATIONS PROTECTION

7.9 Ensure RC2 Cipher Suites is disabled

SYSTEM AND COMMUNICATIONS PROTECTION

7.10 Ensure RC4 Cipher Suites is disabled

SYSTEM AND COMMUNICATIONS PROTECTION

7.11 Ensure Triple DES Cipher Suite is configured

SYSTEM AND COMMUNICATIONS PROTECTION

7.12 Ensure AES 128/128 Cipher Suite is configured

SYSTEM AND COMMUNICATIONS PROTECTION

7.13 Ensure AES 256/256 Cipher Suite is enabled
7.13 Ensure AES 256/256 Cipher Suite is enabled - Enabled

SYSTEM AND COMMUNICATIONS PROTECTION

CIS Microsoft IIS 8 Benchmark v1.5.1 Level 1