CUI

USNS MONTFORD POINT - Findings

Back to Ship Export CSV Download POA&M

Showing 3 of 3 findings (filtered) View Documentation Status (90 tracked)

Vuln ID	Severity	Asset	STIG	Title	Status	Doc Status	Assigned To	Actions
V-218741	CAT II	MONT-MB-002	Microsoft IIS 10.0 Site Security Technic...	The IIS 10.0 website must produce log records that...		-
Check Text Note: If this server is hosting WSUS, this requirement is Not Applicable. Follow the procedures below for each site hosted on the IIS 10.0 web server: Select the website being reviewed. Under "IIS", double-click the "Logging" icon. Verify the "Format:" under "Log File" is configured to "W3C". Select "Fields". Under "Custom Fields", verify the following fields are selected: Request Header >> Connection Request Header >> Warning If any of the above fields are not selected, this is a finding. Fix Text Follow the procedures below for each site hosted on the IIS 10.0 web server: Select the website being reviewed. Under "IIS", double-click the "Logging" icon. Configure the "Format:" under "Log File" to "W3C". Select "Fields". Under "Custom Fields", select the following fields: Request Header >> Connection Request Header >> Warning Click "OK". Select "Apply" from the "Actions" pane. Finding Details Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Site_Checks) found this to be OPEN on 10/23/2025 Site: Default Web Site ResultHash: 7599E6F84AF0FE02631E378C3BDEFF3AC6CE19D6 ~~~~~ Log format is 'W3C' The 'Request Header >> Connection' custom field is NOT configured. The 'Request Header >> Warning' custom field is NOT configured. Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Default_Web_Site_V2R12_20251023-152518.ckl Scan Date: 2026-01-14T12:57:33.098574 Technology Area: Web Review
V-218741	CAT II	MONT-MB-002	Microsoft IIS 10.0 Site Security Technic...	The IIS 10.0 website must produce log records that...		-
Check Text Note: If this server is hosting WSUS, this requirement is Not Applicable. Follow the procedures below for each site hosted on the IIS 10.0 web server: Select the website being reviewed. Under "IIS", double-click the "Logging" icon. Verify the "Format:" under "Log File" is configured to "W3C". Select "Fields". Under "Custom Fields", verify the following fields are selected: Request Header >> Connection Request Header >> Warning If any of the above fields are not selected, this is a finding. Fix Text Follow the procedures below for each site hosted on the IIS 10.0 web server: Select the website being reviewed. Under "IIS", double-click the "Logging" icon. Configure the "Format:" under "Log File" to "W3C". Select "Fields". Under "Custom Fields", select the following fields: Request Header >> Connection Request Header >> Warning Click "OK". Select "Apply" from the "Actions" pane. Finding Details Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Site_Checks) found this to be OPEN on 10/23/2025 Site: Exchange Back End ResultHash: 7599E6F84AF0FE02631E378C3BDEFF3AC6CE19D6 ~~~~~ Log format is 'W3C' The 'Request Header >> Connection' custom field is NOT configured. The 'Request Header >> Warning' custom field is NOT configured. Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Exchange_Back_End_V2R12_20251023-152602.ckl Scan Date: 2026-01-14T12:57:33.300070 Technology Area: Web Review
V-218741	CAT II	MONT-DP-001	Microsoft IIS 10.0 Site Security Technic...	The IIS 10.0 website must produce log records that...		-
Check Text Note: If this server is hosting WSUS, this requirement is Not Applicable. Follow the procedures below for each site hosted on the IIS 10.0 web server: Select the website being reviewed. Under "IIS", double-click the "Logging" icon. Verify the "Format:" under "Log File" is configured to "W3C". Select "Fields". Under "Custom Fields", verify the following fields are selected: Request Header >> Connection Request Header >> Warning If any of the above fields are not selected, this is a finding. Fix Text Follow the procedures below for each site hosted on the IIS 10.0 web server: Select the website being reviewed. Under "IIS", double-click the "Logging" icon. Configure the "Format:" under "Log File" to "W3C". Select "Fields". Under "Custom Fields", select the following fields: Request Header >> Connection Request Header >> Warning Click "OK". Select "Apply" from the "Actions" pane. Finding Details Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Site_Checks) found this to be OPEN on 10/23/2025 Site: Default Web Site ResultHash: 7599E6F84AF0FE02631E378C3BDEFF3AC6CE19D6 ~~~~~ Log format is 'W3C' The 'Request Header >> Connection' custom field is NOT configured. The 'Request Header >> Warning' custom field is NOT configured. Comments If the server is hosting WSUS, this is Not Applicable. Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Site_Default_Web_Site_V2R12_20251023-143912.ckl Scan Date: 2026-01-14T12:57:35.375369 Technology Area: Web Review

CUI