| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218739 | CAT II | SCHR-P3-DP-001 | Microsoft IIS 10.0 Site Security Technic... | Both the log file and Event Tracing for Windows (E... | - | |||
Check TextNote: If this server is hosting WSUS, this requirement is Not Applicable. Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name. Click the "Logging" icon. Under Log Event Destination, verify the "Both log file and ETW event" radio button is selected. If the "Both log file and ETW event" radio button is not selected, this is a finding. Note: "Microsoft-IIS-Logging/logs" must be enabled prior to configuring this setting. More configuration information is available at: https://blogs.intelink.gov/blogs/_disairrt/?p=1317 Fix TextNote: "Microsoft-IIS-Logging/logs" must be enabled prior to configuring this setting. Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name. Click the "Logging" icon. Under Log Event Destination, select the "Both log file and ETW event" radio button. Select "Apply" from the "Actions" pane. Finding DetailsEvaluate-STIG 1.2601.0 (Scan-IIS10_0_Site_Checks) found this to be OPEN on 03/05/2026 Site: Default Web Site ResultHash: 0B44ED3D6039C1A0BDB60FE41477857D9DAB447E ~~~~~ 'File' is the only option selected. CommentsManual check shows setting as follows: Both ETW and Log file logging are enabled. This is Not a Finding
Source: SCHR-P3-DP-001_IIS10Site_Default_Web_Site_V2R14_20260305-133115.cklb
Scan Date: 2026-03-12T15:38:14.459023
Technology Area: Web Review
|
||||||||