Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Log files must consist of the required data fields.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-13688 | WG242 IIS7 | SV-32480r1_rule | ECAR-1 ECAR-2 ECAR-3 | Medium |
| Description |
|---|
| Log files are a critical component to the successful management of an IS used within the DoD. By generating log files with useful information web administrators can leverage them in the event of a disaster, malicious attack, or other site specific needs. |
| STIG | Date |
|---|---|
| IIS 7.0 WEB SITE STIG | 2011-08-19 |
Details
| Check Text ( C-32795r1_chk ) |
|---|
| Follow the procedures below for each site under review: 1. Open the IIS Manager. 2. Click the site name. 3. Click the Logging icon. 4. Under Format select W3C. 5. Click Select Fields, ensure at a minimum the following fields are checked: Date, Time, Client IP Address, User Name, Method, URI Query, Protocol Status, and Referrer. If not, this is a finding. |
| Fix Text (F-29074r1_fix) |
|---|
| 1. Open the IIS Manager. 2. Click the site name. 3. Click the Logging icon. 4. Under Format select W3C. 5. Select the following fields: Date, Time, Client IP Address, User Name, Method, URI Query, Protocol Status, and Referrer. |