V-218736
CAT IIThe IIS 10.0 website session state cookie settings must be configured to Use Cookies mode.
- Ships Affected
- 2
- Total Findings
- 4
- Open
- 0
- Closed
- 3
Check Text
Note: If ASP.NET is not installed, this is Not Applicable.
Follow the procedures below for each site hosted on the IIS 10.0 web server:
Open the IIS 10.0 Manager.
Click the site name.
Under the "ASP.NET" section, select "Session State".
Under "Cookie Settings", verify the "Use Cookies" mode is selected from the "Mode:" drop-down list.
If the "Use Cookies" mode is selected, this is not a finding.
Alternative method:
Click the site name.
Select "Configuration Editor" under the "Management" section.
From the "Section:" drop-down list at the top of the configuration editor, locate "system.web/sessionState".
Verify the "cookieless" is set to "UseCookies".
If the "cookieless" is not set to "UseCookies", this is a finding.
Note: If IIS 10.0 server/site is used only for system-to-system maintenance, does not allow users to connect to interface, and is restricted to specific system IPs, this is Not Applicable.
Fix Text
Follow the procedures below for each site hosted on the IIS 10.0 web server:
Open the IIS 10.0 Manager.
Click the site name.
Under the ASP.NET section, select "Session State".
Under "Cookie Settings", select the "Use Cookies" from the "Mode:" drop-down list.
Select "Apply" from the "Actions" pane.
STIG Reference
- STIG
- Microsoft IIS 10.0 Site Security Technical Implementation Guide
- Version
- 2
- Release
- 15
- Rule ID
- SV-218736r1022669_rule
All Occurrences
This vulnerability appears on 2 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| LAB BASELINES | BASELINE | SCHR-P3-DP-001_IIS10Site_Default_Web_Site_V2R14_20260305-133115.cklb | Unassigned | 2026-03-12T15:38:14.459023 | View in Context | |
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Site_Default_Web_Site_V2R12_20251023-143912.ckl | Unassigned | 2026-01-14T12:57:35.375369 | View in Context | |
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Exchange_Back_End_V2R12_20251023-152602.ckl | Unassigned | 2026-01-14T12:57:33.300070 | View in Context | |
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Default_Web_Site_V2R12_20251023-152518.ckl | Unassigned | 2026-01-14T12:57:33.098574 | View in Context |