Microsoft IIS 7.0 STIG Version 1, Release 19 Checklist Details (Checklist Revisions)
Supporting Resources:
-
Download Standalone XCCDF 1.1.4 - Sunset - Microsoft IIS 7.0 STIG
- Defense Information Systems Agency
Target:
Target | CPE Name |
---|---|
Microsoft Internet Information Services 7.0 | cpe:/a:microsoft:iis:7.0 (View CVEs) |
Checklist Highlights
- Checklist Name:
- Microsoft IIS 7.0 STIG
- Checklist ID:
- 400
- Version:
- Version 1, Release 19
- Type:
- Compliance
- Review Status:
- Archived
- Authority:
- Governmental Authority: Defense Information Systems Agency
- Original Publication Date:
- 04/28/2017
Checklist Summary:
The Internet Information Services 7.0 Web Server Overview is a published document that can be used to improve the security posture of a Department of Defense (DoD) web server and its associated web sites. This document is meant for use in conjunction with the Enclave, Network Infrastructure, Application Security and Development, and other appropriate operating system Security Technical Implementation Guides. Guidance for deployment of web servers within the DoD intranet and the Demilitarized Zone will be governed by the appropriate Network Infrastructure STIG provided by the Defense Information Systems Agency. The web server must be configured to protect classified, unclassified, and/or restricted data such as Personally Identifiable Information, as well as data approved for public release. Immediate risks inherent to this role are external attacks and accidental exposure. Although security controls and infrastructure devices (such as firewalls, intrusion detection systems, and baseline integrity checking tools) offer some defense against malicious activity, security for web servers is best achieved through implementing a comprehensive defense-in-depth strategy. This strategy should include, but is not limited to, server configuration to prevent system compromise, operational procedures for posting data to avoid accidental exposure, proper placement of the server within the network infrastructure, and the allowance or denial of Ports, Protocols, and Services used to access the web server.
Checklist Role:
- Web Server
Known Issues:
Not applicable.
Target Audience:
Developed by DISA for the DOD. This document is intended for those responsible for the configuration and management of information systems. It assumes that the reader has knowledge of web servers and is familiar with common computer terminology.
Target Operational Environment:
- Managed
- Specialized Security-Limited Functionality (SSLF)
Testing Information:
This guidance is scoped to the Web Server role, utilizing IIS 7.0, of Microsoft�s Windows Server 2008 and no other server role or OS will be addressed.
Regulatory Compliance:
DOD Directive 8500.2, DOD Directive 8520.2
Comments/Warnings/Miscellaneous:
Please refer to the Checklist.
Disclaimer:
Not provided.
Product Support:
Only available to DOD customers.
Point of Contact:
disa.stig_spt@mail.mil
Sponsor:
Not provided.
Licensing:
Not provided.
Change History:
Changed status from "under review" to "final" - 08 September 2015 Version 1, Release 8 - 31 July 2015 Version 1, Release 5 - 24 April 2014 Version 1, Release 4 - 24 January 2014 Version 1, Release 3 - 26 April 2013 Version 1, Release 2 - 25 January 2013 Version 1, Release 1 - 31 October 2011 Version 1 Release 6 - 30 October 2014 Updated status to "Final" - 07 January 2015 Updated "Point of Contact" - 15 January 2015 Version 1, Release 7 - 23 January 2015 Version 1, Release 9 - 27 October 2015 Changed status from "Under Review" to "Final" - 03 December 2015 5/2/2016 - Version 1, Release 10 moved to FINAL - 6/7/2016 Updated STIG to V1, R11 - 10-28-2016 updated to FINAL - 12/07/2016 Updated to Version 1, Release 12 - 01/27/2017 Updated to FINAL - 03/08/2017 Updated to v1, r13 - 04/24/2017 updated to FINAL - 05/22/2017 null Updated URL to reflect change to the DISA website - http --> https Updated - 11/01/2017 Updated to FINAL - 11/27/2017 corrected resource title - 1/24/2018 updated to v1,r16 - 02/16/2018 Updated to FINAL - 3/18/2018 Updated to Version 1, Release 17- 10/25/18 Updated to FINAL - 11/26/18 updated to Version 1, Release 18 - 4/30/2019 Corrected SHA - 5/2/19 Updated to FINAL - 6/4/19 Updated URLs - 6/25/19 removed reference link and changed status to archive per DISA changes - 1/17/2020
Dependency/Requirements:
URL | Description |
---|
References:
Reference URL | Description |
---|