Microsoft IIS 10.0 Server Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000439-WSR-000156
Group -
The IIS 10.0 web server must maintain the confidentiality of controlled information during transmission through the use of an approved Transport Layer Security (TLS) version.
TLS is a required transmission protocol for a web server hosting controlled information. The use of TLS provides confidentiality of data in transit between the web server and client. FIPS 140-2-app...Rule Medium Severity -
SRG-APP-000516-WSR-000079
Group -
SRG-APP-000516-WSR-000174
Group -
Unspecified file extensions on a production IIS 10.0 web server must be removed.
By allowing unspecified file extensions to execute, the web servers attack surface is significantly increased. This increased risk can be reduced by only allowing specific ISAPI extensions or CGI e...Rule Medium Severity -
SRG-APP-000516-WSR-000174
Group -
The IIS 10.0 web server must have a global authorization rule configured to restrict access.
Authorization rules can be configured at the server, website, folder (including Virtual Directories), or file level. It is recommended that URL Authorization be configured to only grant access to t...Rule Medium Severity -
SRG-APP-000001-WSR-000001
Group -
SRG-APP-000516-WSR-000174
Group -
The IIS 10.0 web server must enable HTTP Strict Transport Security (HSTS).
HTTP Strict Transport Security (HSTS) ensures browsers always connect to a website over TLS. HSTS exists to remove the need for redirection configurations. HSTS relies on the browser, web server, a...Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.