CUI

USNS MONTFORD POINT - Findings

Back to Ship Export CSV Download POA&M

Showing 3 of 3 findings (filtered) View Documentation Status (90 tracked)

Vuln ID	Severity	Asset	STIG	Title	Status	Doc Status	Assigned To	Actions
V-218779	CAT II	MONT-MB-002	Microsoft IIS 10.0 Site Security Technic...	Interactive scripts on the IIS 10.0 web server mus...		-
Check Text Determine whether scripts are used on the web server for the target website. Common file extensions include, but are not limited to: .cgi, .pl, .vbs, .class, .c, .php, and .asp. All interactive programs must be placed in unique designated folders based on CGI or ASP script type. For modular and/or third-party applications, it is permissible to have script files in multiple folders. Open the IIS 10.0 Manager. Right-click the IIS 10.0 web site name and select "Explore". Search for the listed script extensions. Each script type must be in its unique designated folder. If scripts are not segregated from web content and in their own unique folders, this is a finding. If the website does not utilize CGI, this finding is Not Applicable. Fix Text All interactive programs must be placed in unique designated folders based on CGI or ASP script type. Open the IIS 10.0 Manager. Right-click the IIS 10.0 web server name and select "Explore". Search for the listed script extensions. Move each script type to its unique designated folder. Set the permissions to the scripts folders as follows: Administrators: FULL TrustedInstaller: FULL SYSTEM: FULL ApplicationPoolId:READ Custom Service Account: READ Users: READ ALL APPLICATION PACKAGES: READ Finding Details Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Site_Checks) found this to be NOT APPLICABLE on 10/23/2025 Site: Default Web Site ResultHash: 6A077B4054A7B71BCF2A558FC6BFD199ED9070AA ~~~~~ CGI is not installed so this requirement is NA. Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Default_Web_Site_V2R12_20251023-152518.ckl Scan Date: 2026-01-14T12:57:33.098574 Technology Area: Web Review
V-218779	CAT II	MONT-MB-002	Microsoft IIS 10.0 Site Security Technic...	Interactive scripts on the IIS 10.0 web server mus...		-
Check Text Determine whether scripts are used on the web server for the target website. Common file extensions include, but are not limited to: .cgi, .pl, .vbs, .class, .c, .php, and .asp. All interactive programs must be placed in unique designated folders based on CGI or ASP script type. For modular and/or third-party applications, it is permissible to have script files in multiple folders. Open the IIS 10.0 Manager. Right-click the IIS 10.0 web site name and select "Explore". Search for the listed script extensions. Each script type must be in its unique designated folder. If scripts are not segregated from web content and in their own unique folders, this is a finding. If the website does not utilize CGI, this finding is Not Applicable. Fix Text All interactive programs must be placed in unique designated folders based on CGI or ASP script type. Open the IIS 10.0 Manager. Right-click the IIS 10.0 web server name and select "Explore". Search for the listed script extensions. Move each script type to its unique designated folder. Set the permissions to the scripts folders as follows: Administrators: FULL TrustedInstaller: FULL SYSTEM: FULL ApplicationPoolId:READ Custom Service Account: READ Users: READ ALL APPLICATION PACKAGES: READ Finding Details Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Site_Checks) found this to be NOT APPLICABLE on 10/23/2025 Site: Exchange Back End ResultHash: 6A077B4054A7B71BCF2A558FC6BFD199ED9070AA ~~~~~ CGI is not installed so this requirement is NA. Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Exchange_Back_End_V2R12_20251023-152602.ckl Scan Date: 2026-01-14T12:57:33.300070 Technology Area: Web Review
V-218779	CAT II	MONT-DP-001	Microsoft IIS 10.0 Site Security Technic...	Interactive scripts on the IIS 10.0 web server mus...		-
Check Text Determine whether scripts are used on the web server for the target website. Common file extensions include, but are not limited to: .cgi, .pl, .vbs, .class, .c, .php, and .asp. All interactive programs must be placed in unique designated folders based on CGI or ASP script type. For modular and/or third-party applications, it is permissible to have script files in multiple folders. Open the IIS 10.0 Manager. Right-click the IIS 10.0 web site name and select "Explore". Search for the listed script extensions. Each script type must be in its unique designated folder. If scripts are not segregated from web content and in their own unique folders, this is a finding. If the website does not utilize CGI, this finding is Not Applicable. Fix Text All interactive programs must be placed in unique designated folders based on CGI or ASP script type. Open the IIS 10.0 Manager. Right-click the IIS 10.0 web server name and select "Explore". Search for the listed script extensions. Move each script type to its unique designated folder. Set the permissions to the scripts folders as follows: Administrators: FULL TrustedInstaller: FULL SYSTEM: FULL ApplicationPoolId:READ Custom Service Account: READ Users: READ ALL APPLICATION PACKAGES: READ Finding Details Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Site_Checks) found this to be NOT APPLICABLE on 10/23/2025 Site: Default Web Site ResultHash: 6A077B4054A7B71BCF2A558FC6BFD199ED9070AA ~~~~~ CGI is not installed so this requirement is NA. Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Site_Default_Web_Site_V2R12_20251023-143912.ckl Scan Date: 2026-01-14T12:57:35.375369 Technology Area: Web Review

CUI