| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218793 | CAT II | SCHR-P3-DP-001 | Microsoft IIS 10.0 Server Security Techn... | The IIS 10.0 web server must only contain function... | - | |||
Check TextClick “Start”. Open Control Panel. Click “Programs”. Click “Programs and Features”. Review the installed programs. If any programs are installed other than those required for the IIS 10.0 web services, this is a finding. Note: If additional software is needed, supporting documentation must be signed by the ISSO. Fix TextRemove all unapproved programs and roles from the production IIS 10.0 web server. Finding DetailsEvaluate-STIG 1.2601.0 (Scan-IIS10_0_Server_Checks) was unable to determine a Status but found the below configuration on 03/05/2026: ResultHash: 909864146B7EF18AC7E6CCAEB573BFB88320271A ~~~~~ Software installed on this system: ActivID ActivClient x64 Axway Desktop Validator CRLAutoCache DoD Secure Host Baseline Server InstallRoot Microsoft Edge Microsoft NetBanner Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33130 Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33130 STIG Viewer 3 (Machine) Veritas Backup Exec Remote Agent for Windows WinZip 23.0 CommentsEnsured that the IIS 10.0 web server contains only the functions necessary for its operation. This involved removing or disabling any unnecessary features, services, and modules to minimize potential security risks. This is Not a Finding
Source: SCHR-P3-DP-001_IIS10Server_V3R6_20260305-132942.cklb
Scan Date: 2026-03-12T15:38:14.420977
Technology Area: Web Review
|
||||||||