| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218817 | CAT II | MONT-MB-002 | Microsoft IIS 10.0 Server Security Techn... | The IIS 10.0 web server must not be running on a s... | Documented Pending Review | |||
Check TextReview programs installed on the OS. Open Control Panel. Open Programs and Features. The following programs may be installed without any additional documentation: Administration Pack for IIS IIS Search Engine Optimization Toolkit Microsoft .NET Framework version 3.5 SP1 or greater Microsoft Web Platform Installer version 3.x or greater Virtual Machine Additions Review the installed programs, if any programs are installed other than those listed above, this is a finding. Note: If additional software is needed and has supporting documentation signed by the ISSO, this is not a finding. Fix TextRemove all unapproved programs and roles from the production web server. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 26B56AA4890034FEFE642B4B70A10F246553B7EA ~~~~~ Software installed on this system: ActivID ActivClient x64 Axway Desktop Validator CRLAutoCache DoD Secure Host Baseline Server IIS URL Rewrite Module 2 InstallRoot Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Lync Server 2013, Bootstrapper Prerequisites Installer Package Microsoft NetBanner Microsoft Server Speech Platform Runtime (x64) Microsoft Speech Platform VXML Runtime (x64) Microsoft Unified Communications Managed API 4.0, Runtime Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33130 Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33130 Trellix Agent Trellix Data Loss Prevention - Endpoint Trellix Endpoint Security Firewall Trellix Endpoint Security Platform Trellix Endpoint Security Threat Prevention Trellix Policy Auditor Agent Trellix Security for Microsoft Exchange Trellix Solidifier Veritas Backup Exec Remote Agent for Windows WinZip 27.0 CommentsDocumentation: Note: If additional software is needed and has supporting documentation signed by the ISSO, this is not a finding.
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Server_V3R4_20251023-152431.ckl
Scan Date: 2026-01-14T12:57:32.874734
Technology Area: Web Review
|
||||||||
| V-218817 | CAT II | MONT-DP-001 | Microsoft IIS 10.0 Server Security Techn... | The IIS 10.0 web server must not be running on a s... | Documented Pending Review | |||
Check TextReview programs installed on the OS. Open Control Panel. Open Programs and Features. The following programs may be installed without any additional documentation: Administration Pack for IIS IIS Search Engine Optimization Toolkit Microsoft .NET Framework version 3.5 SP1 or greater Microsoft Web Platform Installer version 3.x or greater Virtual Machine Additions Review the installed programs, if any programs are installed other than those listed above, this is a finding. Note: If additional software is needed and has supporting documentation signed by the ISSO, this is not a finding. Fix TextRemove all unapproved programs and roles from the production web server. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 76962F0DD58B62702CD4E14318F6671588F2664D ~~~~~ Software installed on this system: ActivID ActivClient x64 Axway Desktop Validator CRLAutoCache DoD Secure Host Baseline Server InstallRoot Microsoft NetBanner Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433 Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34433 Trellix Agent Trellix Data Loss Prevention - Endpoint Trellix Endpoint Security Firewall Trellix Endpoint Security Platform Trellix Endpoint Security Threat Prevention Trellix Policy Auditor Agent Trellix Solidifier Veritas Backup Exec Remote Agent for Windows WinZip 27.0 Commentsdocumentation
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Server_V3R4_20251023-143809.ckl
Scan Date: 2026-01-14T12:57:35.201603
Technology Area: Web Review
|
||||||||