| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218766 | CAT II | SCHR-P3-DP-001 | Microsoft IIS 10.0 Site Security Technic... | The IIS 10.0 websites must use ports, protocols, a... | - | |||
Check TextNote: If the server is providing OCSP, and not otherwise hosting any content, this requirement is not applicable. Review the website to determine if HTTP and HTTPs (e.g., 80 and 443) are used in accordance with those ports and services registered and approved for use by the DOD PPSM. Any variation in PPS will be documented, registered, and approved by the PPSM. Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name under review. In the "Action" Pane, click "Bindings". Review the ports and protocols. If unknown ports or protocols are used, then this is a finding. Fix TextFollow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name under review. In the "Action" Pane, click "Bindings". Edit to change an existing binding and set the correct ports and protocol. Finding DetailsEvaluate-STIG 1.2601.0 (Scan-IIS10_0_Site_Checks) found this to be NOT A FINDING on 03/05/2026 Site: Default Web Site ResultHash: D43BD30938BEE28D70E09D5B397315762DD4C2D3 ~~~~~ All ports are PPSM approved. Below are the current HTTP and HTTPS bindings: http (*:80:)
Source: SCHR-P3-DP-001_IIS10Site_Default_Web_Site_V2R14_20260305-133115.cklb
Scan Date: 2026-03-12T15:38:14.459023
Technology Area: Web Review
|
||||||||