| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218769 | CAT II | MONT-MB-002 | Microsoft IIS 10.0 Site Security Technic... | IIS 10.0 website session IDs must be sent to the c... | - | |||
Check TextFollow the procedures below for each site hosted on the IIS 10.0 web server: Access the IIS 10.0 Manager. Select the website being reviewed. Under "Management" section, double-click the "Configuration Editor" icon. From the "Section:" drop-down list, select "system.webServer/asp". Expand the "session" section. Verify the "keepSessionIdSecure" is set to "True". If the "keepSessionIdSecure" is not set to "True", this is a finding. Fix TextFollow the procedures below for each site hosted on the IIS 10.0 web server: Access the IIS 10.0 Manager. Select the website being reviewed. Under "Management" section, double-click the "Configuration Editor" icon. From the "Section:" drop-down list, select "system.webServer/asp". Expand the "session" section. Select "True" for the "keepSessionIdSecure" setting. Select "Apply" from the "Actions" pane. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Site_Checks) found this to be NOT A FINDING on 10/23/2025 Site: Default Web Site ResultHash: 88428619BE4167554B71D4EBAEE30C7BD51B4A99 ~~~~~ KeepSessionIdSecure is set to 'True'
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Default_Web_Site_V2R12_20251023-152518.ckl
Scan Date: 2026-01-14T12:57:33.098574
Technology Area: Web Review
|
||||||||
| V-218769 | CAT II | MONT-MB-002 | Microsoft IIS 10.0 Site Security Technic... | IIS 10.0 website session IDs must be sent to the c... | - | |||
Check TextFollow the procedures below for each site hosted on the IIS 10.0 web server: Access the IIS 10.0 Manager. Select the website being reviewed. Under "Management" section, double-click the "Configuration Editor" icon. From the "Section:" drop-down list, select "system.webServer/asp". Expand the "session" section. Verify the "keepSessionIdSecure" is set to "True". If the "keepSessionIdSecure" is not set to "True", this is a finding. Fix TextFollow the procedures below for each site hosted on the IIS 10.0 web server: Access the IIS 10.0 Manager. Select the website being reviewed. Under "Management" section, double-click the "Configuration Editor" icon. From the "Section:" drop-down list, select "system.webServer/asp". Expand the "session" section. Select "True" for the "keepSessionIdSecure" setting. Select "Apply" from the "Actions" pane. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Site_Checks) found this to be NOT A FINDING on 10/23/2025 Site: Exchange Back End ResultHash: 88428619BE4167554B71D4EBAEE30C7BD51B4A99 ~~~~~ KeepSessionIdSecure is set to 'True'
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Exchange_Back_End_V2R12_20251023-152602.ckl
Scan Date: 2026-01-14T12:57:33.300070
Technology Area: Web Review
|
||||||||
| V-218769 | CAT II | MONT-DP-001 | Microsoft IIS 10.0 Site Security Technic... | IIS 10.0 website session IDs must be sent to the c... | - | |||
Check TextFollow the procedures below for each site hosted on the IIS 10.0 web server: Access the IIS 10.0 Manager. Select the website being reviewed. Under "Management" section, double-click the "Configuration Editor" icon. From the "Section:" drop-down list, select "system.webServer/asp". Expand the "session" section. Verify the "keepSessionIdSecure" is set to "True". If the "keepSessionIdSecure" is not set to "True", this is a finding. Fix TextFollow the procedures below for each site hosted on the IIS 10.0 web server: Access the IIS 10.0 Manager. Select the website being reviewed. Under "Management" section, double-click the "Configuration Editor" icon. From the "Section:" drop-down list, select "system.webServer/asp". Expand the "session" section. Select "True" for the "keepSessionIdSecure" setting. Select "Apply" from the "Actions" pane. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Site_Checks) found this to be NOT A FINDING on 10/23/2025 Site: Default Web Site ResultHash: 88428619BE4167554B71D4EBAEE30C7BD51B4A99 ~~~~~ KeepSessionIdSecure is set to 'True'
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Site_Default_Web_Site_V2R12_20251023-143912.ckl
Scan Date: 2026-01-14T12:57:35.375369
Technology Area: Web Review
|
||||||||