Vulnerability V-218763

V-218763

CAT II

The IIS 10.0 websites connectionTimeout setting must be explicitly configured to disconnect an idle session.

Ships Affected: 2
Total Findings: 4
Open: 3
Closed: 1

Check Text

Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name. Select "Configuration Editor" under the "Management" section. From the "Section:" drop-down list at the top of the configuration editor, locate "system.web/sessionState". Verify the "timeout" is set to "00:15:00 or less”. If "timeout" is not set to "00:15:00 or less”, this is a finding.

Fix Text

Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name. Select "Configuration Editor" under the "Management" section. From the "Section:" drop-down list at the top of the configuration editor, locate "system.web/sessionState". Set the "timeout" to "00:15:00 or less”. In the "Actions" pane, click "Apply".

STIG Reference

STIG: Microsoft IIS 10.0 Site Security Technical Implementation Guide
Version: 2
Release: 15
Rule ID: SV-218763r1043182_rule

All Occurrences

This vulnerability appears on 2 ship(s)

Ship	Hull #	Source File	Assigned To	Scan Date	Actions
LAB BASELINES	BASELINE	SCHR-P3-DP-001_IIS10Site_Default_Web_Site_V2R14_20260305-133115.cklb	Unassigned	2026-03-12T15:38:14.459023	View in Context
USNS MONTFORD POINT	T-ESD-1	_Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Site_Default_Web_Site_V2R12_20251023-143912.ckl	Unassigned	2026-01-14T12:57:35.375369	View in Context
USNS MONTFORD POINT	T-ESD-1	_Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Exchange_Back_End_V2R12_20251023-152602.ckl	Unassigned	2026-01-14T12:57:33.300070	View in Context
USNS MONTFORD POINT	T-ESD-1	_Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Default_Web_Site_V2R12_20251023-152518.ckl	Unassigned	2026-01-14T12:57:33.098574	View in Context