Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The web site must have a unique application pool.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-13703 | WA000-WI6010 IIS6 | SV-38137r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Application pools isolate sites and applications to address reliability, availability, and security issues. Sites and applications may be grouped according to configurations, although each site will be associated with a unique application pool. |
| STIG | Date |
|---|---|
| IIS6 Site | 2014-12-10 |
Details
| Check Text ( C-37380r2_chk ) |
|---|
| 1. Open the IIS Manager > Right click on the website being reviewed > Select the Home Directory tab. 2. Review the Application settings area and note the name listed next to Application pool. 3. Ensure this Application pool is not listed as any other sites Application Pool. If there is not a unique application pool configured for the web site being reviewed, this is a finding. NOTE: The default Application Pool is not considered unique and would be a finding if the web site is using this one. |
| Fix Text (F-32617r1_fix) |
|---|
| 1. Open the IIS Manager > Right click on the website being reviewed > Select the Home Directory tab. 2. Go to the Application settings area > Select the Application pool drop down > Select the unique Application pool for the web site. 3. Press OK. |