| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218822 | CAT II | MONT-MB-002 | Microsoft IIS 10.0 Server Security Techn... | The IIS 10.0 web server must maintain the confiden... | - | |||
Check TextReview the web server documentation and deployed configuration to determine which version of TLS is being used. If the TLS version is not TLS 1.2 or higher, according to NIST SP 800-52, or if non-FIPS-approved algorithms are enabled, this is a finding. Fix TextConfigure the web server to use an approved TLS version according to NIST SP 800-52 and to disable all non-approved versions. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 4BDF84B533F31E10B68E8C1D4A5EA500F955AE4A ~~~~~ HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server ValueName 'DisabledByDefault' is '0' (REG_DWORD) HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server ValueName 'DisabledByDefault' is '1' (REG_DWORD) ValueName 'Enabled' is '0' (REG_DWORD) HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server ValueName 'DisabledByDefault' is '1' (REG_DWORD) ValueName 'Enabled' is '0' (REG_DWORD) HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server ValueName 'DisabledByDefault' is '1' (REG_DWORD) ValueName 'Enabled' is '0' (REG_DWORD) HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server ValueName 'DisabledByDefault' is '1' (REG_DWORD) ValueName 'Enabled' is '0' (REG_DWORD)
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Server_V3R4_20251023-152431.ckl
Scan Date: 2026-01-14T12:57:32.874734
Technology Area: Web Review
|
||||||||
| V-218822 | CAT II | MONT-DP-001 | Microsoft IIS 10.0 Server Security Techn... | The IIS 10.0 web server must maintain the confiden... | - | |||
Check TextReview the web server documentation and deployed configuration to determine which version of TLS is being used. If the TLS version is not TLS 1.2 or higher, according to NIST SP 800-52, or if non-FIPS-approved algorithms are enabled, this is a finding. Fix TextConfigure the web server to use an approved TLS version according to NIST SP 800-52 and to disable all non-approved versions. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 4BDF84B533F31E10B68E8C1D4A5EA500F955AE4A ~~~~~ HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server ValueName 'DisabledByDefault' is '0' (REG_DWORD) HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server ValueName 'DisabledByDefault' is '1' (REG_DWORD) ValueName 'Enabled' is '0' (REG_DWORD) HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server ValueName 'DisabledByDefault' is '1' (REG_DWORD) ValueName 'Enabled' is '0' (REG_DWORD) HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server ValueName 'DisabledByDefault' is '1' (REG_DWORD) ValueName 'Enabled' is '0' (REG_DWORD) HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server ValueName 'DisabledByDefault' is '1' (REG_DWORD) ValueName 'Enabled' is '0' (REG_DWORD)
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Server_V3R4_20251023-143809.ckl
Scan Date: 2026-01-14T12:57:35.201603
Technology Area: Web Review
|
||||||||