CUI

USNS MONTFORD POINT - Findings

Back to Ship Export CSV Download POA&M

Showing 2 of 2 findings (filtered) View Documentation Status (90 tracked)

Vuln ID	Severity	Asset	STIG	Title	Status	Doc Status	Assigned To	Actions
V-218788	CAT II	MONT-MB-002	Microsoft IIS 10.0 Server Security Techn...	The IIS 10.0 web server must produce log records t...		-
Check Text Note: If the server is hosting WSUS, this is Not Applicable. Access the IIS 10.0 web server IIS Manager. Click the IIS 10.0 web server name. Under "IIS", double-click the "Logging" icon. Verify the "Format:" under "Log File" is configured to "W3C". Select "Fields". Under "Custom Fields", verify the following fields have been configured: Request Header >> Connection. Request Header >> Warning. If any of the above fields are not selected, this is a finding. Fix Text Access the IIS 10.0 web server IIS Manager. Click the IIS 10.0 web server name. Under "IIS", double-click the "Logging" icon. Verify the "Format:" under "Log File" is configured to "W3C". Select "Fields". Under "Custom Fields", click "Add Field...". For each field being added, give a name unique to what the field is capturing. Click on the "Source Type" drop-down list and select "Request Header". Click the "Source" drop-down list, and select "Connection". Click "OK" to add. Click the "Source Type" drop-down list, and select "Request Header". Click the "Source" drop-down list, and select "Warning". Click "OK" to add. Click "Apply" under the "Actions" pane. Finding Details Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) found this to be OPEN on 10/23/2025 ResultHash: 7599E6F84AF0FE02631E378C3BDEFF3AC6CE19D6 ~~~~~ Log format is 'W3C' The 'Request Header >> Connection' custom field is NOT configured. The 'Request Header >> Warning' custom field is NOT configured. Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Server_V3R4_20251023-152431.ckl Scan Date: 2026-01-14T12:57:32.874734 Technology Area: Web Review
V-218788	CAT II	MONT-DP-001	Microsoft IIS 10.0 Server Security Techn...	The IIS 10.0 web server must produce log records t...		-
Check Text Note: If the server is hosting WSUS, this is Not Applicable. Access the IIS 10.0 web server IIS Manager. Click the IIS 10.0 web server name. Under "IIS", double-click the "Logging" icon. Verify the "Format:" under "Log File" is configured to "W3C". Select "Fields". Under "Custom Fields", verify the following fields have been configured: Request Header >> Connection. Request Header >> Warning. If any of the above fields are not selected, this is a finding. Fix Text Access the IIS 10.0 web server IIS Manager. Click the IIS 10.0 web server name. Under "IIS", double-click the "Logging" icon. Verify the "Format:" under "Log File" is configured to "W3C". Select "Fields". Under "Custom Fields", click "Add Field...". For each field being added, give a name unique to what the field is capturing. Click on the "Source Type" drop-down list and select "Request Header". Click the "Source" drop-down list, and select "Connection". Click "OK" to add. Click the "Source Type" drop-down list, and select "Request Header". Click the "Source" drop-down list, and select "Warning". Click "OK" to add. Click "Apply" under the "Actions" pane. Finding Details Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) found this to be OPEN on 10/23/2025 ResultHash: 7599E6F84AF0FE02631E378C3BDEFF3AC6CE19D6 ~~~~~ Log format is 'W3C' The 'Request Header >> Connection' custom field is NOT configured. The 'Request Header >> Warning' custom field is NOT configured. Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Server_V3R4_20251023-143809.ckl Scan Date: 2026-01-14T12:57:35.201603 Technology Area: Web Review

CUI