1. Open the IIS Manager > Expand the Web Sites directory > Right click on the site being reviewed and select properties.
2. Select the Web Site tab > Click on the properties button beside the log format dropdown.
3. Note the log file path under Log file directory.
4. Navigate to this location.
5. Right click on the directories and files in this location > Select properties > Select the Security tab.
6. Ensure only the System, Administrators, and Auditors groups have greater than Read permission.
If any users or groups, other than System, Administrators, or Auditors, have greater than read permission to the log directories and files, this is a finding.
NOTE: The Auditor group does not have to have the name Auditors, but the site will need to identify the group containing the auditors.
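
The same permission review can be scripted once the log directory from step 3 is known. The following PowerShell is an added example, not part of the original check; the `EXAMPLE\Auditors` group name is a placeholder for the site's auditor group, and treating only Read plus Synchronize as "Read" is an assumption of this example.

```powershell
# Added example: list ACEs on an IIS log directory that grant more than Read
# to anyone other than the approved identities.
param(
    # Log file directory noted in step 3 (supply the real path when running).
    [Parameter(Mandatory)][string]$LogPath,
    # Identities allowed more than Read. 'EXAMPLE\Auditors' is a placeholder;
    # replace it with the group the site has identified as containing auditors.
    [string[]]$Allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'EXAMPLE\Auditors')
)

# Rights counted as "Read" (assumption of this example). Synchronize is included
# because Windows attaches it to ordinary read ACEs. Anything outside this mask,
# including raw generic-rights bits, is reported so a reviewer can judge it.
$readMask = [int][System.Security.AccessControl.FileSystemRights]'Read, Synchronize'

# The directory itself plus every file and subdirectory beneath it (step 5).
$items = @(Get-Item -LiteralPath $LogPath) +
         @(Get-ChildItem -LiteralPath $LogPath -Recurse -Force)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }            # Deny ACEs grant nothing
        if ($Allowed -contains $ace.IdentityReference.Value) { continue } # approved identity
        $excess = [int]$ace.FileSystemRights -band (-bnot $readMask)
        if ($excess -ne 0) {
            [pscustomobject]@{
                Path      = $item.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
    Write-Output "FINDING: $(@($findings).Count) ACE(s) grant more than Read to non-approved identities."
} else {
    Write-Output 'No finding: only approved identities hold more than Read.'
}
```

Rows marked `Inherited = True` have to be corrected on the parent folder where the permission originates, not on the log file itself.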