| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218820 | CAT II | SCHR-P3-DP-001 | Microsoft IIS 10.0 Server Security Techn... | IIS 10.0 web server session IDs must be sent to th... | - | |||
Check TextOpen the IIS 10.0 Manager. Click the IIS 10.0 web server name. Under the "Management" section, double-click the "Configuration Editor" icon. From the "Section:" drop-down list, select "system.webServer/asp". Expand the "session" section. Verify the "keepSessionIdSecure" is set to "True". If the "keepSessionIdSecure" is not set to "True", this is a finding. Fix TextOpen the IIS 10.0 Manager. Click the IIS 10.0 web server name. Under "Management" section, double-click the "Configuration Editor" icon. From the "Section:" drop-down list, select "system.webServer/asp". Expand the "session" section. Select "True" for the "keepSessionIdSecure" setting. Select "Apply" from the "Actions" pane. Finding DetailsEvaluate-STIG 1.2601.0 (Scan-IIS10_0_Server_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: C25C8289B0EA2E5E62D0AB638195DFF95EA06806 ~~~~~ keepSessionIdSecure is set to True
Source: SCHR-P3-DP-001_IIS10Server_V3R6_20260305-132942.cklb
Scan Date: 2026-03-12T15:38:14.420977
Technology Area: Web Review
|
||||||||