Directory Browsing on the IIS 10.0 website must be disabled.

An XCCDF Rule

Details
Profiles

Description

Directory browsing allows the contents of a directory to be displayed upon request from a web client. If directory browsing is enabled for a directory in IIS, users could receive a web page listing the contents of the directory. If directory browsing is enabled the risk of inadvertently disclosing sensitive content is increased.

ID: SV-218759r961158_rule
Version: IIST-SI-000231
Severity: Medium
References: CCI-001310
Updated: 15 days ago

Remediation Templates

Follow the procedures below for each site hosted on the IIS 10.0 web server:

Open the IIS 10.0 Manager.

Click the Site.
Double-click the "Directory Browsing" icon.

Under the "Actions" pane, click "Disabled".

Directory Browsing on the IIS 10.0 website must be disabled.

Description

Remediation Templates

A Manual Procedure