This is a potential security issue, you are being redirected to https://nvd.nist.gov
|IIS 8.5||cpe:/a:microsoft:internet_information_server:8.5 (View CVEs)|
This Internet Information Services (IIS) 8.5 Overview is a published document to provide an overview of the IIS 8.5 Server and Site Security Technical Implementation Guides (STIGs) and should be used to improve the security posture of a Department of Defense (DoD) web server and its associated websites. This document is meant for use in conjunction with the Enclave, Network Infrastructure, Application Security and Development, Windows 2012 R2 Server/Windows 8.1, and other appropriate operating system STIGs. Guidance for deployment of web servers within the DoD intranet and the Demilitarized Zone (DMZ) will be governed by the appropriate Network Infrastructure STIG provided by the Defense Information Systems Agency (DISA). This STIG has been developed based on the Web Server SRG guidance, which was published as guidance to comply with applicable NIST SP 800-53 cybersecurity controls. This document is a requirement for all DoD-owned information systems and DoD-controlled information systems operated by a contractor and/or other entity on behalf of the DoD that receive, process, store, display, or transmit DoD information, regardless of classification and/or sensitivity. These requirements are designed to assist Security Managers (SMs), Information System Security Managers (ISSMs), Information System Security Officers (ISSOs), and System Administrators (SAs) with configuring and maintaining security controls. This guidance supports DoD information system design, development, implementation, certification, and accreditation efforts but is restricted to policies and configurations specific to web servers and sites. This guidance is scoped to the Web Server role of Microsoft’s Windows Server 2012 R2/Windows 8.1, using IIS 8.5. While no other server role or OS will be addressed, Windows Server 2012 does include .NET Framework 4.5 by default, and this STIG requires .NET Framework 4.5 use for enabling specific security settings, such as session state. There are multiple STIG packages for IIS 8.5: one for IIS 8.5 server-related requirements and one for IIS 8.5 website-related requirements. Both STIGs must be applied to an IIS 8.5 web server. The individual packages are: • IIS 8.5 Server STIG • IIS 8.5 Site STIG • IIS 8.5 Overview
Developed by DISA for the DoD. This document is intended for those responsible for the configuration and management of information systems. It assumes that the reader has knowledge of web servers and is familiar with common computer terminology.
DoD Directive 8500.2, DoD Directive 8520.2
Only available to DoD customers.
DRAFT- New Checklist - 07/07/2017 Updated URL to reflect change to the DISA website - http --> https Update - Draft to Under Review - 10/23/2017 Update to FINAL - 11/20/2017 updated to v1,r2 - 02/16/2018 Updated to FINAL - 3/18/2018 updated to v1,r3 - 4/25/18 Updated to FINAL - 5/27/18 updated to Ver 1, Rel 4 - 7/24/18 Updated to FINAL - 8/24/18 updated to Ver 1, Rel 5 - 10/25/18 Corrected SHA - 10/26/18 Updated to FINAL - 11/26/18 updated to Ver 1, Rel 6- 1/22/19 corrected SHA - 2/12/2019 Status Updated to FINAL - 3/12/19 updated to Ver 1, Rel 7 - 4/30/19 Updated URLs - 6/7/19 Updated URLs - 6/26/19 Updated URLs - 8/12/2019 Updated SHA - 8/16/19 updated URLs - 11/1/19 Updated URLs per DISA - 4/24/2020 updated per DISA - 8/4/2020