Vulnerability V-218769

V-218769

CAT II

IIS 10.0 website session IDs must be sent to the client using TLS.

Ships Affected: 2
Total Findings: 4
Open: 0
Closed: 4

Check Text

Follow the procedures below for each site hosted on the IIS 10.0 web server: Access the IIS 10.0 Manager. Select the website being reviewed. Under "Management" section, double-click the "Configuration Editor" icon. From the "Section:" drop-down list, select "system.webServer/asp". Expand the "session" section. Verify the "keepSessionIdSecure" is set to "True". If the "keepSessionIdSecure" is not set to "True", this is a finding.

Fix Text

Follow the procedures below for each site hosted on the IIS 10.0 web server: Access the IIS 10.0 Manager. Select the website being reviewed. Under "Management" section, double-click the "Configuration Editor" icon. From the "Section:" drop-down list, select "system.webServer/asp". Expand the "session" section. Select "True" for the "keepSessionIdSecure" setting. Select "Apply" from the "Actions" pane.

STIG Reference

STIG: Microsoft IIS 10.0 Site Security Technical Implementation Guide
Version: 2
Release: 15
Rule ID: SV-218769r961632_rule

All Occurrences

This vulnerability appears on 2 ship(s)

Ship	Hull #	Source File	Assigned To	Scan Date	Actions
LAB BASELINES	BASELINE	SCHR-P3-DP-001_IIS10Site_Default_Web_Site_V2R14_20260305-133115.cklb	Unassigned	2026-03-12T15:38:14.459023	View in Context
USNS MONTFORD POINT	T-ESD-1	_Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Site_Default_Web_Site_V2R12_20251023-143912.ckl	Unassigned	2026-01-14T12:57:35.375369	View in Context
USNS MONTFORD POINT	T-ESD-1	_Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Exchange_Back_End_V2R12_20251023-152602.ckl	Unassigned	2026-01-14T12:57:33.300070	View in Context
USNS MONTFORD POINT	T-ESD-1	_Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Default_Web_Site_V2R12_20251023-152518.ckl	Unassigned	2026-01-14T12:57:33.098574	View in Context