CUI

Scan: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Site_Default_Web_Site_V2R12_20251023-143912.ckl

Scan Information

Hull Number: T-ESD-1
Scan Date: 2026-01-14
Source File: MONT-DP-001 IIS10Site Default Web Site 20251023-143912
Source Tool: Evaluate-STIG
Imported: 2026-01-14 17:57
Hostname (from CKL asset — override if blank or incorrect)
STIG Benchmark: Microsoft IIS 10.0 Site Security Technical Implementation Guide
Version: V2R12
Score: 55.8%
Total: 43
Open: 19

OCA Technology Area


Hostname: MONT-DP-001
STIG Benchmark: Microsoft IIS 10.0 Site Security Technical Implementation Guide
Current Area: Web Server

STIG Rule Mapping

Mapped to STIG: 43
Unmapped: 0
Total Findings: 43
All findings mapped to STIG rules.

Checklist Scoring

Severity   Not a Finding   Not Applicable   Open   Not Reviewed   Total
CAT I      1               0                1      0              2
CAT II     16              7                18     0              41
CAT III    0               0                0      0              0
Total      17              7                19     0              43

Comparison with Previous Scan

New: 0
Resolved: 0
Changed: 17
Unchanged: 2
NA to NF: 5

Warning: 5 finding(s) changed from Not Applicable to Not a Finding

This may indicate a regression or improper status change. Please review these findings.

Status transitions:
NotAFinding → Not_Applicable: 3
NotAFinding → Open: 4
Not_Applicable → Open: 5
Not_Applicable → NotAFinding: 5

Vuln IDs (43)

V-218735 The IIS 10.0 website session state must be enabled...
V-218736 The IIS 10.0 website session state cookie settings...
V-218737 A private IIS 10.0 website must only accept Secure...
V-218738 A public IIS 10.0 website must only accept Secure ...
V-218739 Both the log file and Event Tracing for Windows (E...
V-218740 An IIS 10.0 website behind a load balancer or prox...
V-218741 The IIS 10.0 website must produce log records that...
V-218742 The IIS 10.0 website must produce log records cont...
V-218743 The IIS 10.0 website must have Multipurpose Intern...
V-218744 Mappings to unused and vulnerable scripts on the I...
V-218745 The IIS 10.0 website must have resource mappings s...
V-218748 Each IIS 10.0 website must be assigned a default h...
V-218749 A private IIS 10.0 website authentication mechanis...
V-218750 Anonymous IIS 10.0 website access accounts must be...
V-218751 The IIS 10.0 website must generate unique session ...
V-218752 The IIS 10.0 website document directory must be in...
V-218753 The IIS 10.0 website must be configured to limit t...
V-218754 The IIS 10.0 website must be configured to limit t...
V-218755 The IIS 10.0 websites Maximum Query String limit m...
V-218756 Non-ASCII characters in URLs must be prohibited by...
V-218757 Double encoded URL requests must be prohibited by ...
V-218758 Unlisted file extensions in URL requests must be f...
V-218759 Directory Browsing on the IIS 10.0 website must be...
V-218760 Warning and error messages displayed to clients mu...
V-218761 Debugging and trace information used to diagnose t...
V-218762 The Idle Time-out monitor for each IIS 10.0 websit...
V-218763 The IIS 10.0 websites connectionTimeout setting mu...
V-218764 The IIS 10.0 website must provide the capability t...
V-218765 The IIS 10.0 website must use a logging mechanism ...
V-218766 The IIS 10.0 websites must use ports, protocols, a...
V-218767 The IIS 10.0 website must only accept client certi...
V-218768 The IIS 10.0 private website must employ cryptogra...
V-218769 IIS 10.0 website session IDs must be sent to the c...
V-218770 Cookies exchanged between the IIS 10.0 website and...
V-218771 The IIS 10.0 website must have a unique applicatio...
V-218772 The maximum number of requests an application pool...
V-218775 The application pool for each IIS 10.0 website mus...
V-218777 The application pools rapid fail protection for ea...
V-218778 The application pools rapid fail protection settin...
V-218779 Interactive scripts on the IIS 10.0 web server mus...
V-218780 Interactive scripts on the IIS 10.0 web server mus...
V-218781 Backup interactive scripts on the IIS 10.0 server ...
V-218782 The required DoD banner page must be displayed to ...
