| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218791 | CAT II | MONT-MB-002 | Microsoft IIS 10.0 Server Security Techn... | The log data and records from the IIS 10.0 web ser... | - | |||
Check TextThe IIS 10.0 web server and website log files should be backed up by the system backup. To determine if log files are backed up by the system backup, determine the location of the web server log files and each website's log files. Open the IIS 10.0 Manager. Click the IIS 10.0 server name. Click the "Logging" icon. Under "Log File" >> "Directory" obtain the path of the log file. Once all locations are known, consult with the System Administrator to review the server's backup procedure and policy. Verify the paths of all log files are part of the system backup. Verify log files are backed up to an unrelated system or onto separate media on which the system the web server is running. If the paths of all log files are not part of the system backup and/or not backed up to a separate media, this is a finding. Fix TextConfigure system backups to include the directory paths of all IIS 10.0 web server and website log files. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 4E65C7A927C3FAF7C6E15A6C69DBCCD274373B4D ~~~~~ Log Directory: D:\inetpub\logs\LogFiles Ensure the logs in the directory above are being backed up.
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Server_V3R4_20251023-152431.ckl
Scan Date: 2026-01-14T12:57:32.874734
Technology Area: Web Review
|
||||||||
| V-218791 | CAT II | MONT-DP-001 | Microsoft IIS 10.0 Server Security Techn... | The log data and records from the IIS 10.0 web ser... | - | |||
Check TextThe IIS 10.0 web server and website log files should be backed up by the system backup. To determine if log files are backed up by the system backup, determine the location of the web server log files and each website's log files. Open the IIS 10.0 Manager. Click the IIS 10.0 server name. Click the "Logging" icon. Under "Log File" >> "Directory" obtain the path of the log file. Once all locations are known, consult with the System Administrator to review the server's backup procedure and policy. Verify the paths of all log files are part of the system backup. Verify log files are backed up to an unrelated system or onto separate media on which the system the web server is running. If the paths of all log files are not part of the system backup and/or not backed up to a separate media, this is a finding. Fix TextConfigure system backups to include the directory paths of all IIS 10.0 web server and website log files. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 74E69E807F3DCC8CA324A8C5947BC62D9FE1A815 ~~~~~ Log Directory: %SystemDrive%\inetpub\logs\LogFiles Ensure the logs in the directory above are being backed up.
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Server_V3R4_20251023-143809.ckl
Scan Date: 2026-01-14T12:57:35.201603
Technology Area: Web Review
|
||||||||