| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218737 | CAT II | SCHR-P3-DP-001 | Microsoft IIS 10.0 Site Security Technic... | A private IIS 10.0 website must only accept Secure... | - | |||
Check TextNote: If the server being reviewed is a public IIS 10.0 web server, this is Not Applicable. Note: If the server is hosting SharePoint, this is Not Applicable. Note: If the server is hosting WSUS, this is Not Applicable. Note: If SSL is installed on load balancer/proxy server through which traffic is routed to the IIS 10.0 server, and the IIS 10.0 server receives traffic from the load balancer/proxy server, the SSL requirement must be met on the load balancer/proxy server and is Not Applicable in this STIG. Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name. Double-click the "SSL Settings" icon. Verify "Require SSL" check box is selected. If the "Require SSL" check box is not selected, this is a finding. Fix TextFollow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name. Double-click the "SSL Settings" icon. Select "Require SSL" check box. Select "Apply" from the "Actions" pane. Finding DetailsEvaluate-STIG 1.2601.0 (Scan-IIS10_0_Site_Checks) was unable to determine a Status but found the below configuration on 03/05/2026: Site: Default Web Site ResultHash: 1F8B0BF251048DDF52481451B9AA669A5C254D2B ~~~~~ Require SSL is NOT enabled CommentsEnsured only Secure Socket Layer (SSL) connections are accepted by enabling the "Require SSL" setting in IIS Manager. This is Not A Finding
Source: SCHR-P3-DP-001_IIS10Site_Default_Web_Site_V2R14_20260305-133115.cklb
Scan Date: 2026-03-12T15:38:14.459023
Technology Area: Web Review
|
||||||||