Vulnerability V-218802

V-218802

CAT I

IIS 10.0 Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.

Ships Affected: 2
Total Findings: 3
Open: 1
Closed: 1

Check Text

Obtain a list of the user accounts with access to the system, including all local and domain accounts. Review the privileges to the web server for each account. Verify with the system administrator or the ISSO that all privileged accounts are mission essential and documented. Verify with the system administrator or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented. If undocumented privileged accounts are found, this is a finding. If undocumented non-administrator access to shell scripts and operating system functions are found, this is a finding. If this IIS 10 installation is supporting Microsoft Exchange, and not otherwise hosting any content, this requirement is Not Applicable.

Fix Text

Ensure non-administrators are not allowed access to the directory tree, the shell, or other operating system functions and utilities. All non-administrator access to shell scripts and operating system functions must be mission essential and documented.

STIG Reference

STIG: Microsoft IIS 10.0 Server Security Technical Implementation Guide
Version: 3
Release: 7
Rule ID: SV-218802r1138072_rule

All Occurrences

This vulnerability appears on 2 ship(s)

Ship	Hull #	Source File	Assigned To	Scan Date	Actions
LAB BASELINES	BASELINE	SCHR-P3-DP-001_IIS10Server_V3R6_20260305-132942.cklb	Unassigned	2026-03-12T15:38:14.420977	View in Context
USNS MONTFORD POINT	T-ESD-1	_Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Server_V3R4_20251023-143809.ckl	Unassigned	2026-01-14T12:57:35.201603	View in Context
USNS MONTFORD POINT	T-ESD-1	_Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Server_V3R4_20251023-152431.ckl	Unassigned	2026-01-14T12:57:32.874734	View in Context