CIS IIS 7 L1 v1.8.0

Audit Details

Name: CIS IIS 7 L1 v1.8.0

Updated: 4/25/2022

Authority: CIS

Plugin: Windows

Revision: 1.12

Estimated Item Count: 72

File Details

Filename: CIS_v1.8_MS_IIS_7_Level_1.audit

Size: 173 kB

MD5: 6d12a20526ff18748716ba547812858d
SHA256: 1a55bb723f54c992aa65ee3580acce9a66d4536482333f340f80f88bf6432215

Audit Items

DescriptionCategories
1.1 Ensure Web Content Is on Non-System Partition

CONFIGURATION MANAGEMENT

1.2 Ensure 'host headers' are on all sites

CONFIGURATION MANAGEMENT

1.3 Ensure 'directory browsing' is set to disabled

CONFIGURATION MANAGEMENT

1.4 Ensure 'application pool identity' is configured for all application pools

ACCESS CONTROL

1.5 Ensure 'unique application pools' is set for sites

SYSTEM AND COMMUNICATIONS PROTECTION

1.6 Ensure 'application pool identity' is configured for anonymous user identity

CONFIGURATION MANAGEMENT

2.1 Ensure 'global authorization rule' is set to restrict access

ACCESS CONTROL

2.2 Ensure Access to Sensitive Site Features Is Restricted To Authenticated Principals Only - Applications

ACCESS CONTROL

2.2 Ensure Access to Sensitive Site Features Is Restricted To Authenticated Principals Only - Default
2.3 Ensure 'forms authentication' require SSL - Applications

SYSTEM AND COMMUNICATIONS PROTECTION

2.3 Ensure 'forms authentication' require SSL - Default

SYSTEM AND COMMUNICATIONS PROTECTION

2.3 Ensure 'forms authentication' require SSL - Not Enabled
2.5 Ensure 'cookie protection mode' is configured for forms authentication - Applications

SYSTEM AND COMMUNICATIONS PROTECTION

2.5 Ensure 'cookie protection mode' is configured for forms authentication - Default

SYSTEM AND COMMUNICATIONS PROTECTION

2.5 Ensure 'cookie protection mode' is configured for forms authentication - Not Enabled
2.6 Ensure transport layer security for 'basic authentication' is configured

IDENTIFICATION AND AUTHENTICATION

2.7 Ensure 'passwordFormat' is not set to clear
2.7 Ensure 'passwordFormat' is not set to clear - Applications

IDENTIFICATION AND AUTHENTICATION

2.7 Ensure 'passwordFormat' is not set to clear - Default

IDENTIFICATION AND AUTHENTICATION

3.1 Ensure 'deployment method retail' is set

CONFIGURATION MANAGEMENT

3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Applications

SYSTEM AND INFORMATION INTEGRITY

3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Default

SYSTEM AND INFORMATION INTEGRITY

3.8 Configure MachineKey Validation Method - .Net 3.5 - Applications

SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Configure MachineKey Validation Method - .Net 3.5 - Default

SYSTEM AND COMMUNICATIONS PROTECTION

3.9 Ensure 'MachineKey validation method - .Net 4.5' is configured
3.9 Ensure 'MachineKey validation method - .Net 4.5' is configured - Applications

SYSTEM AND COMMUNICATIONS PROTECTION

3.9 Ensure 'MachineKey validation method - .Net 4.5' is configured - Default

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Ensure global .NET trust level is configured
3.10 Ensure global .NET trust level is configured - Applications

ACCESS CONTROL

3.10 Ensure global .NET trust level is configured - Default

ACCESS CONTROL

4.5 Ensure Double-Encoded Requests will be Rejected - Applications

CONFIGURATION MANAGEMENT

4.5 Ensure Double-Encoded Requests will be Rejected - Default

CONFIGURATION MANAGEMENT

4.6 Ensure 'HTTP Trace Method' is disabled - Applications

CONFIGURATION MANAGEMENT

4.6 Ensure 'HTTP Trace Method' is disabled - Default

CONFIGURATION MANAGEMENT

4.7 Ensure Unlisted File Extensions are not allowed - Applications

CONFIGURATION MANAGEMENT

4.7 Ensure Unlisted File Extensions are not allowed - Default

CONFIGURATION MANAGEMENT

4.8 Ensure Handler is not granted Write and Script/Execute - Applications

ACCESS CONTROL

4.8 Ensure Handler is not granted Write and Script/Execute - Default

ACCESS CONTROL

4.9 Ensure 'notListedIsapisAllowed' is set to false

SYSTEM AND COMMUNICATIONS PROTECTION

4.10 Ensure 'notListedCgisAllowed' is set to false

SYSTEM AND COMMUNICATIONS PROTECTION

4.11 Ensure 'Dynamic IP Address Restrictions' is enabled
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Conccurent Requests

SYSTEM AND COMMUNICATIONS PROTECTION

4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Request Rate

SYSTEM AND COMMUNICATIONS PROTECTION

4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Not Logging Only Mode

SYSTEM AND COMMUNICATIONS PROTECTION

5.1 Ensure Default IIS web log location is moved

AUDIT AND ACCOUNTABILITY

5.2 Ensure Advanced IIS logging is enabled

AUDIT AND ACCOUNTABILITY

6.1 Ensure FTP requests are encrypted - Control Channel
6.1 Ensure FTP requests are encrypted - Control Channel Default

SYSTEM AND COMMUNICATIONS PROTECTION

6.1 Ensure FTP requests are encrypted - Control Channel Sites

SYSTEM AND COMMUNICATIONS PROTECTION

6.1 Ensure FTP requests are encrypted - Data Channel Default

SYSTEM AND COMMUNICATIONS PROTECTION