Scan Information
- Ship: LAB BASELINES
- Hull Number: BASELINE
- Scan Date: 2026-03-12
- Source File: SCHR-P3-DP-001 IIS10Site Default Web Site 20260305-133115
- Source Tool: STIG Viewer CKLB
- Imported: 2026-03-12 19:38
STIG Benchmark: Microsoft IIS 10.0 Site Security Technical Implementation Guide
Version: V2R15
Score: 100.0%
Total: 43
Open: 0
OCA Technology Area
- Hostname: SCHR-P3-DP-001
- STIG Benchmark: Microsoft IIS 10.0 Site Security Technical Implementation Guide
- Current Area: Not Assigned
STIG Rule Mapping
- Mapped to STIG: 43
- Unmapped: 0
- Total Findings: 43
All findings mapped to STIG rules.
Checklist Scoring
| Severity | Not a Finding | Not Applicable | Open | Not Reviewed | Total |
|---|---|---|---|---|---|
| CAT I | 2 | 0 | 0 | 0 | 2 |
| CAT II | 37 | 4 | 0 | 0 | 41 |
| CAT III | 0 | 0 | 0 | 0 | 0 |
| Total | 39 | 4 | 0 | 0 | 43 |
Vuln IDs (43)
V-218736
The IIS 10.0 website session state cookie settings...
V-218737
A private IIS 10.0 website must only accept Secure...
V-218738
A public IIS 10.0 website must only accept Secure ...
V-218739
Both the log file and Event Tracing for Windows (E...
V-218740
An IIS 10.0 website behind a load balancer or prox...
V-218741
The IIS 10.0 website must produce log records that...
V-218742
The IIS 10.0 website must produce log records cont...
V-218743
The IIS 10.0 website must have Multipurpose Intern...
V-218744
Mappings to unused and vulnerable scripts on the I...
V-218745
The IIS 10.0 website must have resource mappings s...
V-218748
Each IIS 10.0 website must be assigned a default h...
V-218749
A private IIS 10.0 website authentication mechanis...
V-218750
Anonymous IIS 10.0 website access accounts must be...
V-218751
The IIS 10.0 website must generate unique session ...
V-218752
The IIS 10.0 website document directory must be in...
V-218753
The IIS 10.0 website must be configured to limit t...
V-218754
The IIS 10.0 website must be configured to limit t...
V-218755
The IIS 10.0 websites Maximum Query String limit m...
V-218756
Non-ASCII characters in URLs must be prohibited by...
V-218757
Double encoded URL requests must be prohibited by ...
V-218758
Unlisted file extensions in URL requests must be f...
V-218759
Directory Browsing on the IIS 10.0 website must be...
V-218760
Warning and error messages displayed to clients mu...
V-218761
Debugging and trace information used to diagnose t...
V-218762
The Idle Time-out monitor for each IIS 10.0 websit...
V-218763
The IIS 10.0 websites connectionTimeout setting mu...
V-218764
The IIS 10.0 website must provide the capability t...
V-218765
The IIS 10.0 website must use a logging mechanism ...
V-218766
The IIS 10.0 websites must use ports, protocols, a...
V-218767
The IIS 10.0 website must only accept client certi...
V-218768
The IIS 10.0 private website must employ cryptogra...
V-218769
IIS 10.0 website session IDs must be sent to the c...
V-218770
Cookies exchanged between the IIS 10.0 website and...
V-218771
The IIS 10.0 website must have a unique applicatio...
V-218772
The maximum number of requests an application pool...
V-218775
The application pool for each IIS 10.0 website mus...
V-218777
The application pools rapid fail protection for ea...
V-218778
The application pools rapid fail protection settin...
V-218779
Interactive scripts on the IIS 10.0 web server mus...
V-218780
Interactive scripts on the IIS 10.0 web server mus...
V-218781
Backup interactive scripts on the IIS 10.0 server ...
V-218782
The required DoD banner page must be displayed to ...
V-278953
HTTPAPI Server version must be removed from the HT...