1.1.1 Ensure Web Content Is on Non-System Partition | CONFIGURATION MANAGEMENT |
1.1.2 Require Host Headers on all Sites | CONFIGURATION MANAGEMENT |
1.1.3 Disable Directory Browsing | ACCESS CONTROL |
1.1.4 Configure Application Pools to Run As Application Pool Identity | CONFIGURATION MANAGEMENT |
1.1.5 Ensure Unique Application Pools for Sites | SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.6 Configure Anonymous User Identity to Use Application Pool Identity | ACCESS CONTROL |
1.1.7 Stop non-used Application Pools | CONFIGURATION MANAGEMENT |
1.1.11 Enable Dynamic IP Address Restrictions | |
1.2.1 Configure Global Authorization Rule to Restrict Access - add roles='administrators' | ACCESS CONTROL |
1.2.1 Configure Global Authorization Rule to Restrict Access - remove users='*' | ACCESS CONTROL |
1.2.2 Ensure Access to Sensitive Site Features Is Restricted To Authenticated Principals Only | ACCESS CONTROL |
1.2.3 Require SSL in Forms Authentication | SYSTEM AND COMMUNICATIONS PROTECTION |
1.2.5 Configure Cookie Protection Mode for Forms Authentication | SYSTEM AND COMMUNICATIONS PROTECTION |
1.2.7 Configure SSL for Basic Authentication | |
1.2.8 Ensure passwordFormat Credentials Element Not Set To Clear | IDENTIFICATION AND AUTHENTICATION |
1.3.1 Set Deployment Method to Retail | CONFIGURATION MANAGEMENT |
1.3.4 ASP.NET stack tracing is Not Enabled | SYSTEM AND INFORMATION INTEGRITY |
1.3.7 Configure MachineKey Validation Method - .Net 3.5 | SYSTEM AND COMMUNICATIONS PROTECTION |
1.3.8 Configure MachineKey Validation Method - .Net 4.5 | SYSTEM AND COMMUNICATIONS PROTECTION |
1.3.9 Configure Global .NET Trust Level | ACCESS CONTROL |
1.3.10 Hide IIS HTTP Detailed Errors from Displaying Remotely | SYSTEM AND INFORMATION INTEGRITY |
1.4.5 Ensure Double-Encoded Requests will be Rejected | CONFIGURATION MANAGEMENT |
1.4.6 Disallow Unlisted File Extensions | CONFIGURATION MANAGEMENT |
1.4.7 Ensure Handler is not granted Write and Script/Execute | ACCESS CONTROL |
1.4.8 Ensure Configuration Attribute notListedIsapisAllowed set to false | SYSTEM AND COMMUNICATIONS PROTECTION |
1.4.9 Ensure Configuration Attribute notListedCgisAllowed set to false | SYSTEM AND COMMUNICATIONS PROTECTION |
1.4.10 Disable HTTP Trace Method | CONFIGURATION MANAGEMENT |
1.5.1 Move Default IIS Web Log Location | AUDIT AND ACCOUNTABILITY |
1.5.2 Enable Advanced IIS Logging | AUDIT AND ACCOUNTABILITY |
1.6.1 Encrypt FTP Requests | |
1.7.1 Disable PCT 1.0 - 'DisabledByDefault = 1' | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.1 Disable PCT 1.0 - 'Enabled = 0' | CONFIGURATION MANAGEMENT |
1.7.2 Disable SSLv2 - 'DisabledByDefault = 1' | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.2 Disable SSLv2 - 'Enabled = 0' | CONFIGURATION MANAGEMENT |
1.7.3 Disable SSLv3 - 'DisabledByDefault = 1' | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.3 Disable SSLv3 - 'Enabled = 0' | CONFIGURATION MANAGEMENT |
1.7.4 Configure TLS 1.0 - 'DisabledByDefault = 0' | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.4 Configure TLS 1.0 - 'Enabled = 0xFFFFFFFF' | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.5 Configure TLS 1.1 - 'DisabledByDefault = 0' | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.5 Configure TLS 1.1 - 'Enabled = 0xFFFFFFFF' | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.6 Enable TLS 1.2 - 'DisabledByDefault = 0' | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.6 Enable TLS 1.2 - 'Enabled = 0xFFFFFFFF' | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.7 Disable NULL Cipher Suites | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.8 Disable DES Cipher Suites | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.9 Disable RC2 Cipher Suites - 'RC2 40/128' | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.9 Disable RC2 Cipher Suites - 'RC2 56/128' | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.10 Disable RC4 Cipher Suites - 'RC4 40/128' | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.10 Disable RC4 Cipher Suites - 'RC4 56/128' | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.10 Disable RC4 Cipher Suites - 'RC4 64/128' | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7.10 Disable RC4 Cipher Suites - 'RC4 128/128' | SYSTEM AND COMMUNICATIONS PROTECTION |