The IIS 10.0 web server must not be running on a system providing any other role.
An XCCDF Rule
Description
Web servers provide numerous processes, features, and functionalities that utilize TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. The web server must provide the capability to disable or deactivate network-related services deemed non-essential to the server mission, are too unsecure, or are prohibited by the PPSM CAL and vulnerability assessments.
- ID
- SV-218817r961470_rule
- Version
- IIST-SV-000148
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Remove all unapproved programs and roles from the production web server.