Skip to content
Log In

Microsoft IIS 10.0 Site Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The IIS 10.0 website must provide the capability to immediately disconnect or disable remote access to the hosted applications.

    During an attack on the web server or any of the hosted applications, the system administrator may need to disconnect or disable access by users to stop the attack. The web server must provide a c...
    Rule Medium Severity
    Show

  • The IIS 10.0 private website must employ cryptographic mechanisms (TLS) and require client certificates.

    TLS encryption is a required security setting for a private web server. Encryption of private information is essential to ensuring data confidentiality. If private information is not encrypted, it ...
    Rule Medium Severity
    Show

  • The application pools rapid fail protection for each IIS 10.0 website must be enabled.

    Rapid fail protection is a feature that interrogates the health of worker processes associated with websites and web applications. It can be configured to perform a number of actions such as shutti...
    Rule Medium Severity
    Show

  • The application pools rapid fail protection settings for each IIS 10.0 website must be managed.

    Windows Process Activation Service (WAS) manages application pool configuration and may flag a worker process as unhealthy and shut it down. The rapid fail protection must be set to a suitable valu...
    Rule Medium Severity
    Show

  • Interactive scripts on the IIS 10.0 web server must have restrictive access controls.

    CGI is a programming standard for interfacing external applications with information servers, such as HTTP or web servers. CGI, represented by all upper case letters, should not be confused with th...
    Rule Medium Severity
    Show

  • Non-ASCII characters in URLs must be prohibited by any IIS 10.0 website.

    Setting limits on web requests ensures availability of web services and mitigates the risk of buffer overflow type attacks. The allow high-bit characters Request Filter enables rejection of request...
    Rule Medium Severity
    Show

  • SRG-APP-000246-WSR-000149

    Group
    Show

  • SRG-APP-000001-WSR-000002

    Group
    Show

  • SRG-APP-000098-WSR-000060

    Group
    Show

  • SRG-APP-000001-WSR-000002

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules