CUI

USNS MONTFORD POINT - Findings

Back to Ship Export CSV Download POA&M

Showing 2 of 2 findings (filtered) View Documentation Status (90 tracked)

Vuln ID	Severity	Asset	STIG	Title	Status	Doc Status	Assigned To	Actions
V-218823	CAT I	MONT-MB-002	Microsoft IIS 10.0 Server Security Techn...	All accounts installed with the IIS 10.0 web serve...		Documented Pending Review
Check Text Access the IIS 10.0 web server. Access the "Apps" menu. Under "Administrative Tools", select "Computer Management". In left pane, expand "Local Users and Groups" and click "Users". Review the local users listed in the middle pane. If any local accounts are present and used by IIS 10.0, verify with System Administrator that default passwords have been changed. If passwords have not been changed from the default, this is a finding. Fix Text Access the IIS 10.0 web server. Access the "Apps" menu. Under Administrative Tools, select Computer Management. In left pane, expand "Local Users and Groups" and click on "Users". Change passwords for any local accounts present that are used by IIS 10.0, then verify with System Administrator default passwords have been changed. Develop an internal process for changing passwords on a regular basis. Finding Details Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 7B7215D4389023C21A17987544BF8519AB42A58E ~~~~~ Local user accounts on this system. Confirm if any are used by IIS and if so, verify that default passwords have been changed: Name: DOD_Admin Enabled: True SID: S-1-5-21-3803552116-1809661109-1744339665-1000 Password Age: 888 days Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Server_V3R4_20251023-152431.ckl Scan Date: 2026-01-14T12:57:32.874734 Technology Area: Web Review
V-218823	CAT I	MONT-DP-001	Microsoft IIS 10.0 Server Security Techn...	All accounts installed with the IIS 10.0 web serve...		Documented Pending Review
Check Text Access the IIS 10.0 web server. Access the "Apps" menu. Under "Administrative Tools", select "Computer Management". In left pane, expand "Local Users and Groups" and click "Users". Review the local users listed in the middle pane. If any local accounts are present and used by IIS 10.0, verify with System Administrator that default passwords have been changed. If passwords have not been changed from the default, this is a finding. Fix Text Access the IIS 10.0 web server. Access the "Apps" menu. Under Administrative Tools, select Computer Management. In left pane, expand "Local Users and Groups" and click on "Users". Change passwords for any local accounts present that are used by IIS 10.0, then verify with System Administrator default passwords have been changed. Develop an internal process for changing passwords on a regular basis. Finding Details Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 8AE742FA7487414B54F49AFC49412799439832C2 ~~~~~ Local user accounts on this system. Confirm if any are used by IIS and if so, verify that default passwords have been changed: Name: DOD_Admin Enabled: True SID: S-1-5-21-388225469-2825430915-2362864043-1000 Password Age: 884 days Comments documentation Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Server_V3R4_20251023-143809.ckl Scan Date: 2026-01-14T12:57:35.201603 Technology Area: Web Review

CUI