DISA STIG IIS 6.0 Server v6r16

Audit Details

Name: DISA STIG IIS 6.0 Server v6r16

Updated: 4/25/2022

Authority: DISA STIG

Plugin: Windows

Revision: 1.10

Estimated Item Count: 72

File Details

Filename: DISA_IIS_6.0_Web_Server_V6R16.audit

Size: 136 kB

MD5: 8cb7506f7724c971e72080f62266a7fe
SHA256: e393319098c5ecace59fa9dd5843b7bdc88a86673327976a85e02492742af480

Audit Items

Description / Categories
WA000-WI035 - The IISADMPWD directory has not been removed from the Web Server - permissions

ACCESS CONTROL, CONFIGURATION MANAGEMENT

WA000-WI035 - The IISADMPWD directory has not been removed from the Web Server.

CONFIGURATION MANAGEMENT

WA000-WI080 IIS6 - The IIS Internet Printing Protocol must be disabled.

CONFIGURATION MANAGEMENT

WA000-WI100 IIS6 - The File System Object component, if not required, must be disabled. - '{0D43FE01-F093-11CF-8940-00A0C9054228} Check'

CONFIGURATION MANAGEMENT

WA000-WI100 IIS6 - The File System Object component, if not required, must be disabled. - 'Scripting.FileSystemObject Check'

CONFIGURATION MANAGEMENT

WA000-WI110 IIS6 - The command shell options must be disabled.

ACCESS CONTROL

WA000-WI6080 IIS6 - The AllowRestrictedChars registry key must be disabled.

SYSTEM AND INFORMATION INTEGRITY

WA000-WI6082 IIS6 - The EnableNonUTF8 registry key must be disabled.

SYSTEM AND INFORMATION INTEGRITY

WA000-WI6084 IIS6 - The FavorUTF8 registry key must be set properly.

SYSTEM AND INFORMATION INTEGRITY

WA000-WI6086 IIS6 - The MaxFieldLength registry entry must be set properly.

SYSTEM AND COMMUNICATIONS PROTECTION

WA000-WI6088 IIS6 - The MaxRequestBytes registry entry must be set properly.

SYSTEM AND COMMUNICATIONS PROTECTION

WA000-WI6090 IIS6 - The UrlSegmentMaxLength registry entry must be set properly.

SYSTEM AND COMMUNICATIONS PROTECTION

WA000-WI6092 IIS6 - The PercentUAllowed registry entry must be set properly.

SYSTEM AND INFORMATION INTEGRITY

WA000-WI6094 IIS6 - The UriMaxUriBytes registry entry must be set properly.

SYSTEM AND COMMUNICATIONS PROTECTION

WA000-WI6096 IIS6 - The UrlSegmentMaxCount registry entry must be set properly.

SYSTEM AND COMMUNICATIONS PROTECTION

WA060 IIS6 - A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.

SYSTEM AND COMMUNICATIONS PROTECTION

WA070 IIS6 - A private web server must be located on a separate controlled access subnet.

SYSTEM AND COMMUNICATIONS PROTECTION

WA120 IIS6 - Administrative users and groups with access privilege to the web server must be documented.

IDENTIFICATION AND AUTHENTICATION

WA140 IIS6 - Web server content and configuration files must be part of a routine backup program.

CONTINGENCY PLANNING

WA155 IIS6 - Classified web servers must be afforded physical security commensurate with the classification of its content.

CONTINGENCY PLANNING

WA230 IIS6 - The site software used with the web server must have all applicable security patches applied and documented.

CONFIGURATION MANAGEMENT

WG040 IIS6 - Public web server resources must not be shared with private assets.

CONFIGURATION MANAGEMENT

WG050 IIS6 - The web server service password(s) must be entrusted to the SA or Web Manager.

IDENTIFICATION AND AUTHENTICATION

WG060 IIS6 - The service account ID used to run the web service must have its password changed at least annually.

ACCESS CONTROL

WG080 IIS6 - A compiler must not be installed on a production web server. - 'javac.exe search'

CONFIGURATION MANAGEMENT

WG080 IIS6 - A compiler must not be installed on a production web server. - 'Lcc-win32.exe search'

CONFIGURATION MANAGEMENT

WG080 IIS6 - A compiler must not be installed on a production web server. - 'msc.exe search'

CONFIGURATION MANAGEMENT

WG080 IIS6 - A compiler must not be installed on a production web server. - 'msvc.exe search'

CONFIGURATION MANAGEMENT

WG080 IIS6 - A compiler must not be installed on a production web server. - 'Python.exe search'

CONFIGURATION MANAGEMENT

WG130 IIS6 - Programs and features not necessary for operations must be removed.

CONFIGURATION MANAGEMENT

WG190 IIS6 - The web server must use a vendor-supported version of the web server software.

SYSTEM AND INFORMATION INTEGRITY

WG195 IIS6 - Anonymous access accounts must be restricted.

ACCESS CONTROL

WG200 IIS6 - Non-administrators must not be allowed access to the directory tree, the shell, or other utilities. - 'cmd.exe'

ACCESS CONTROL, CONFIGURATION MANAGEMENT

WG200 IIS6 - Non-administrators must not be allowed access to the directory tree, the shell, or other utilities. - 'command.com'

ACCESS CONTROL, CONFIGURATION MANAGEMENT

WG204 IIS6 - A web server must not be co-hosted with other services

CONFIGURATION MANAGEMENT

WG220 IIS6 - Access to web administration tools must be restricted to the Web Manager and the Web Manager's designees.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub'

CONFIGURATION MANAGEMENT

WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub\AdminScripts'

CONFIGURATION MANAGEMENT

WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub\ftproot'

CONFIGURATION MANAGEMENT

WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub\ftproot\dropbox'

CONFIGURATION MANAGEMENT

WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub\ftproot\ftpfiles'

CONFIGURATION MANAGEMENT

WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub\mailroot'

CONFIGURATION MANAGEMENT

WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub\wwwroot'

CONFIGURATION MANAGEMENT

WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub\wwwroot\docs'

CONFIGURATION MANAGEMENT

WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub\wwwroot\images'

CONFIGURATION MANAGEMENT

WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub\wwwroot\scripts'

CONFIGURATION MANAGEMENT

WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\system32\inetsrv'

CONFIGURATION MANAGEMENT

WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\system32\inetsrv\*.bat'

CONFIGURATION MANAGEMENT

WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\system32\inetsrv\*.exe'

CONFIGURATION MANAGEMENT

WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\system32\inetsrv\ASP Compiled Templates'

CONFIGURATION MANAGEMENT