Microsoft IIS 8.5 STIG Y23M10 Checklist Details
Supporting Resources:
- Download Standalone XCCDF 1.1.4 - Sunset - Microsoft IIS 8.5 STIG
  - Defense Information Systems Agency
Target:
Target | CPE Name |
---|---|
IIS 8.5 | cpe:/a:microsoft:internet_information_server:8.5 |
Checklist Highlights
- Checklist Name: Microsoft IIS 8.5 STIG
- Checklist ID: 774
- Version: Y23M10
- Type: Compliance
- Review Status: Archived
- Authority: Governmental Authority: Defense Information Systems Agency
- Original Publication Date: 09/12/2017
Checklist Summary:
This Internet Information Services (IIS) 8.5 Overview is a published document to provide an overview of the IIS 8.5 Server and Site Security Technical Implementation Guides (STIGs) and should be used to improve the security posture of a Department of Defense (DoD) web server and its associated websites. This document is meant for use in conjunction with the Enclave, Network Infrastructure, Application Security and Development, Windows 2012 R2 Server/Windows 8.1, and other appropriate operating system STIGs. Guidance for deployment of web servers within the DoD intranet and the Demilitarized Zone (DMZ) will be governed by the appropriate Network Infrastructure STIG provided by the Defense Information Systems Agency (DISA). This STIG has been developed based on the Web Server SRG guidance, which was published as guidance to comply with applicable NIST SP 800-53 cybersecurity controls.

This document is a requirement for all DoD-owned information systems and DoD-controlled information systems operated by a contractor and/or other entity on behalf of the DoD that receive, process, store, display, or transmit DoD information, regardless of classification and/or sensitivity. These requirements are designed to assist Security Managers (SMs), Information System Security Managers (ISSMs), Information System Security Officers (ISSOs), and System Administrators (SAs) with configuring and maintaining security controls. This guidance supports DoD information system design, development, implementation, certification, and accreditation efforts but is restricted to policies and configurations specific to web servers and sites.

This guidance is scoped to the Web Server role of Microsoft’s Windows Server 2012 R2/Windows 8.1, using IIS 8.5. While no other server role or OS will be addressed, Windows Server 2012 does include .NET Framework 4.5 by default, and this STIG requires .NET Framework 4.5 use for enabling specific security settings, such as session state.
There are multiple STIG packages for IIS 8.5: one for IIS 8.5 server-related requirements and one for IIS 8.5 website-related requirements. Both STIGs must be applied to an IIS 8.5 web server. The individual packages are:
- IIS 8.5 Server STIG
- IIS 8.5 Site STIG
- IIS 8.5 Overview
Checklist Role:
- Web Server
Known Issues:
Not provided.
Target Audience:
Developed by DISA for the DoD. This document is intended for those responsible for the configuration and management of information systems. It assumes that the reader has knowledge of web servers and is familiar with common computer terminology.
Target Operational Environment:
- Managed
- Specialized Security-Limited Functionality (SSLF)
Testing Information:
Not provided.
Regulatory Compliance:
DoD Directive 8500.2, DoD Directive 8520.2
Comments/Warnings/Miscellaneous:
Not provided.
Disclaimer:
Not provided.
Product Support:
Only available to DoD customers.
Point of Contact:
disa.stig_spt@mail.mil
Sponsor:
Not provided.
Licensing:
Not provided.
Change History:
- DRAFT- New Checklist - 07/07/2017
- Updated URL to reflect change to the DISA website - http --> https
- Update - Draft to Under Review - 10/23/2017
- Update to FINAL - 11/20/2017
- updated to v1,r2 - 02/16/2018
- Updated to FINAL - 3/18/2018
- updated to v1,r3 - 4/25/18
- Updated to FINAL - 5/27/18
- updated to Ver 1, Rel 4 - 7/24/18
- Updated to FINAL - 8/24/18
- updated to Ver 1, Rel 5 - 10/25/18
- Corrected SHA - 10/26/18
- Updated to FINAL - 11/26/18
- updated to Ver 1, Rel 6 - 1/22/19
- corrected SHA - 2/12/2019
- Status Updated to FINAL - 3/12/19
- updated to Ver 1, Rel 7 - 4/30/19
- Updated URLs - 6/7/19
- Updated URLs - 6/26/19
- Updated URLs - 8/12/2019
- Updated SHA - 8/16/19
- updated URLs - 11/1/19
- Updated URLs per DISA - 4/24/2020
- updated per DISA - 8/4/2020
- Updated URL per DISA - 10/28/20
- updated URLS per DISA - 4/28/2021
- Updated resource per DISA - 7/29/21
- updated URLs - 10/27/2021
- updated URLs - 1/26/2022
- updated URLs per DISA - 1/17/2023
- Updated resource per DISA - 4/27/23
- Updated resource and sunset per DISA - 10/26/23
- Updated title - 10/26/23