BigFix Compliance: Updated CIS Checklist for MS IIS 10 Server, published 2020-09-18

Product:
BigFix Compliance

Title:
Updated CIS Checklist for MS IIS 10 Server with bug fixes.

Security Benchmark:
CIS Microsoft IIS 10 Benchmark, V1.1.1

Published Sites:
CIS Checklist for MS IIS 10 Server, site version 4
(The site version is provided for air-gap customers.)

Details:
Fixed and improved implementation for the following checks:

  • Ensure web content is on non-system partition
  • Ensure ‘host headers’ are on all sites
  • Ensure ‘forms authentication’ require SSL
  • Ensure ‘forms authentication’ is set to use cookies
  • Ensure ‘cookie protection mode’ is configured for forms authentication
  • Ensure ‘debug’ is turned off
  • Ensure custom error messages are not off
  • Ensure IIS HTTP detailed errors are hidden from displaying remotely
  • Ensure ASP.NET stack tracing is not enabled
  • Ensure ‘MachineKey validation method - .Net 3.5’ is configured
  • Ensure global .NET trust level is configured
  • Ensure ‘maxAllowedContentLength’ is configured
  • Ensure ‘maxURL request filter’ is configured
  • Ensure ‘MaxQueryString request filter’ is configured
  • Ensure non-ASCII characters in URLs are not allowed
  • Ensure Double-Encoded requests will be rejected
  • Ensure ‘HTTP Trace Method’ is disabled
  • Ensure DES Cipher Suites is Disabled
  • Ensure TLS Cipher Suite ordering is Configured

Actions to take:

More information:
To learn more about the BigFix Compliance SCM checklists, please see the following resources:

We hope you find this latest release of SCM content useful and effective. Thank you!
– The BigFix Compliance team