The IIS 10.0 web server must only contain functions necessary for operation.
An XCCDF Rule
Description
A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. The web server must provide the capability to disable, uninstall, or deactivate functionality and services deemed non-essential to the web server mission or that adversely impact server performance.
- ID
- SV-218793r960963_rule
- Version
- IIST-SV-000118
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Remove all unapproved programs and roles from the production IIS 10.0 web server.