| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218792 | CAT II | SCHR-P3-DP-001 | Microsoft IIS 10.0 Server Security Techn... | The IIS 10.0 web server must not perform user mana... | - | |||
Check TextInterview the System Administrator about the role of the IIS 10.0 web server. If the IIS 10.0 web server is hosting an application, have the SA provide supporting documentation on how the application's user management is accomplished outside of the IIS 10.0 web server. If the IIS 10.0 web server is not hosting an application, this is Not Applicable. If the IIS web server is performing user management for hosted applications, this is a finding. If the IIS 10.0 web server is hosting an application and the SA cannot provide supporting documentation on how the application's user management is accomplished outside of the IIS 10.0 web server, this is a finding. Fix TextReconfigure any hosted applications on the IIS 10.0 web server to perform user management outside the IIS 10.0 web server. Document how the hosted application user management is accomplished. CommentsEnsured that user management for hosted applications is performed outside of the IIS 10.0 web server. Utilized enterprise-wide user management solutions, such as LDAP or Active Directory, to handle user authentication and management. This is Not a Finding
Source: SCHR-P3-DP-001_IIS10Server_V3R6_20260305-132942.cklb
Scan Date: 2026-03-12T15:38:14.420977
Technology Area: Web Review
|
||||||||