CUI

Scan: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Server_V3R4_20251023-152431.ckl

Scan Information

Hull Number: T-ESD-1
Scan Date: 2026-01-14
Source File: MONT-MB-002 IIS10Server 20251023-152431
Source Tool: Evaluate-STIG
Imported: 2026-01-14 17:57
STIG Benchmark: Microsoft IIS 10.0 Server Security Technical Implementation Guide
Version: V3R7
Score: 62.8%
Total: 43
Open: 16

OCA Technology Area

Hostname: MONT-MB-002
STIG Benchmark: Microsoft IIS 10.0 Server Security Technical Implementation Guide
Current Area: Web Server

STIG Rule Mapping

Mapped to STIG: 43
Unmapped: 0
Total Findings: 43
All findings mapped to STIG rules.

Checklist Scoring

Severity | Not a Finding | Not Applicable | Open | Not Reviewed | Total
CAT I    | 3             | 1              | 0    | 0            | 4
CAT II   | 16            | 6              | 14   | 0            | 36
CAT III  | 1             | 0              | 2    | 0            | 3
Total    | 20            | 7              | 16   | 0            | 43

Vuln IDs (43)

V-218786 Both the log file and Event Tracing for Windows (E...
V-218788 The IIS 10.0 web server must produce log records t...
V-218789 The IIS 10.0 web server must produce log records c...
V-218790 The log information from the IIS 10.0 web server m...
V-218791 The log data and records from the IIS 10.0 web ser...
V-218792 The IIS 10.0 web server must not perform user mana...
V-218793 The IIS 10.0 web server must only contain function...
V-218794 The IIS 10.0 web server must not be both a website...
V-218795 All IIS 10.0 web server sample code, example appli...
V-218796 The accounts created by uninstalled features (i.e....
V-218797 The IIS 10.0 web server must be reviewed on a regu...
V-218798 The IIS 10.0 web server must have Multipurpose Int...
V-218799 The IIS 10.0 web server must have Web Distributed ...
V-218801 Java software installed on a production IIS 10.0 w...
V-218802 IIS 10.0 Web server accounts accessing the directo...
V-218803 The IIS 10.0 web server must separate the hosted a...
V-218804 The IIS 10.0 web server must use cookies to track ...
V-218805 The IIS 10.0 web server must accept only system-ge...
V-218806 The IIS 10.0 web server must augment re-creation t...
V-218807 The production IIS 10.0 web server must utilize SH...
V-218808 Directory Browsing on the IIS 10.0 web server must...
V-218809 The IIS 10.0 web server Indexing must only index w...
V-218810 Warning and error messages displayed to clients mu...
V-218812 The IIS 10.0 web server must restrict inbound conn...
V-218813 The IIS 10.0 web server must provide the capabilit...
V-218814 IIS 10.0 web server system files must conform to m...
V-218815 The IIS 10.0 web server must use a logging mechani...
V-218816 Access to web administration tools must be restric...
V-218817 The IIS 10.0 web server must not be running on a s...
V-218818 The Internet Printing Protocol (IPP) must be disab...
V-218819 The IIS 10.0 web server must be tuned to handle th...
V-218820 IIS 10.0 web server session IDs must be sent to th...
V-218821 An IIS 10.0 web server must maintain the confident...
V-218822 The IIS 10.0 web server must maintain the confiden...
V-218823 All accounts installed with the IIS 10.0 web serve...
V-218824 Unspecified file extensions on a production IIS 10...
V-218825 The IIS 10.0 web server must have a global authori...
V-218826 The IIS 10.0 websites MaxConnections setting must ...
V-218827 The IIS 10.0 web server must enable HTTP Strict Tr...
V-228572 An IIS Server configured to be a SMTP relay must r...
V-241788 HTTPAPI Server version must be removed from the HT...
V-241789 ASP.NET version must be removed from the HTTP Resp...
V-268325 The Request Smuggling filter must be enabled.
