CUI

USNS MONTFORD POINT - Findings

Back to Ship Export CSV Download POA&M

Showing 2 of 2 findings (filtered) View Documentation Status (90 tracked)

Vuln ID	Severity	Asset	STIG	Title	Status	Doc Status	Assigned To	Actions
V-218789	CAT II	MONT-MB-002	Microsoft IIS 10.0 Server Security Techn...	The IIS 10.0 web server must produce log records c...		-
Check Text Note: If the server is hosting WSUS, this is Not Applicable. Access the IIS 10.0 web server IIS Manager. Click the IIS 10.0 web server name. Under "IIS", double-click the "Logging" icon. Verify the "Format:" under "Log File" is configured to "W3C". Select "Fields". Under "Standard Fields", verify "User Agent", "User Name", and "Referrer" are selected. Under "Custom Fields", verify the following field has been configured: Request Header >> Authorization. Response Header >> Content-Type. If any of the above fields are not selected, this is a finding. Fix Text Access the IIS 10.0 web server IIS Manager. Click the IIS 10.0 web server name. Under "IIS", double-click the "Logging" icon. Verify the "Format:" under "Log File" is configured to "W3C". Select "Fields". Under "Standard Fields", select "User Agent", "User Name", and "Referrer". Under "Custom Fields", select the following fields: Click the "Source Type" drop-down list, and select "Request Header". Click on "Source" drop-down, list and select "Authorization". Click "OK" to add. Click the "Source" drop-down list, and select "Content-Type". Click the "Source Type" drop-down list, and select "Response Header". Click "OK" to add. Click "OK". Click "Apply" under the "Actions" pane. Finding Details Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) found this to be OPEN on 10/23/2025 ResultHash: C3C26BB04CA1EEAB0A14FFB0A603274C530242F3 ~~~~~ Log format is 'W3C' User Agent, User Name, and Referrer are all logged. The 'Request Header >> Authorization' custom field is NOT configured. The 'Response Header >> Content-Type' custom field is NOT configured. Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Server_V3R4_20251023-152431.ckl Scan Date: 2026-01-14T12:57:32.874734 Technology Area: Web Review
V-218789	CAT II	MONT-DP-001	Microsoft IIS 10.0 Server Security Techn...	The IIS 10.0 web server must produce log records c...		-
Check Text Note: If the server is hosting WSUS, this is Not Applicable. Access the IIS 10.0 web server IIS Manager. Click the IIS 10.0 web server name. Under "IIS", double-click the "Logging" icon. Verify the "Format:" under "Log File" is configured to "W3C". Select "Fields". Under "Standard Fields", verify "User Agent", "User Name", and "Referrer" are selected. Under "Custom Fields", verify the following field has been configured: Request Header >> Authorization. Response Header >> Content-Type. If any of the above fields are not selected, this is a finding. Fix Text Access the IIS 10.0 web server IIS Manager. Click the IIS 10.0 web server name. Under "IIS", double-click the "Logging" icon. Verify the "Format:" under "Log File" is configured to "W3C". Select "Fields". Under "Standard Fields", select "User Agent", "User Name", and "Referrer". Under "Custom Fields", select the following fields: Click the "Source Type" drop-down list, and select "Request Header". Click on "Source" drop-down, list and select "Authorization". Click "OK" to add. Click the "Source" drop-down list, and select "Content-Type". Click the "Source Type" drop-down list, and select "Response Header". Click "OK" to add. Click "OK". Click "Apply" under the "Actions" pane. Finding Details Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) found this to be OPEN on 10/23/2025 ResultHash: C3C26BB04CA1EEAB0A14FFB0A603274C530242F3 ~~~~~ Log format is 'W3C' User Agent, User Name, and Referrer are all logged. The 'Request Header >> Authorization' custom field is NOT configured. The 'Response Header >> Content-Type' custom field is NOT configured. Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Server_V3R4_20251023-143809.ckl Scan Date: 2026-01-14T12:57:35.201603 Technology Area: Web Review

CUI