xccdf_mil.disa.stig_group_V-218795
xccdf_mil.disa.stig_rule_SV-218795r960963_rule
CAT I
All IIS 10.0 web server sample code, example applications, and tutorials must be removed from a production IIS 10.0 server.
From: Microsoft IIS 10.0 Server Security Technical Implementation Guide (VV3R6R6)
Description
<VulnDiscussion>Web server documentation, sample code, example applications, and tutorials may be an exploitable threat to a web server. A production web server may only contain components that are operationally necessary (i.e., compiled code, scripts, web content, etc.). Delete all directories containing samples and any scripts used to execute the samples.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
No check procedure available.
Fix Text
Remove any executable sample code, example applications, or tutorials which are not explicitly used by a production website.
CCI Reference
CCI-000381- Created
- 2026-03-12 19:38:13
- Last Updated
- 2026-03-12 19:38:13