Documentation - V-218817

V-218817

Microsoft IIS 10.0 Server Security Technical Implementation Guide

CAT II

Title

The IIS 10.0 web server must not be running on a system providing any other role.

Description

<VulnDiscussion>Web servers provide numerous processes, features, and functionalities that utilize TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. The web server must provide the capability to disable or deactivate network-related services deemed non-essential to the server mission, are too unsecure, or are prohibited by the PPSM CAL and vulnerability assessments.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></Fa...

Fix Text (Documentation Requirement)

Remove all unapproved programs and roles from the production web server.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Linked Document

Select the document that satisfies this documentation requirement. Upload new document

Notes (Optional)

Cancel

Last updated: 2026-02-09 18:37:06

Linked to: USNS Montford Point eMASS Security Plan (SP)