UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The production web-site must configure the Global .NET Trust Level.


Overview

Finding ID Version Rule ID IA Controls Severity
V-26034 WA000-WI6200 SV-32685r1_rule ECSC-1 Medium
Description
An application's trust level determines the permissions granted by the ASP.NET Code Access Security (CAS) policy. An application with full trust permissions may access all resource types on a server and perform privileged operations, while applications running with partial trust have varying levels of operating permissions and access to resources. The CAS determines the permissions granted to the application on the server. Setting a level of trust compatible with the applications will limit the potential harm a compromised application could cause to a system.
STIG Date
IIS 7.0 WEB SITE STIG 2011-08-19

Details

Check Text ( C-32886r1_chk )
1. Open the IIS Manager.
2. Click the site name under review.
3. Double-click the .NET Trust Level icon.
4. If the .NET Trust level is not set to Medium or less, this is a finding.
Fix Text (F-29034r1_fix)
1. Open the IIS Manager.
2. Click the site name under review.
3. Double-click the .NET Trust Level icon.
4. Set the .NET Trust level to Medium or less and click apply.