UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Log files must consist of the required data fields.


Overview

Finding ID Version Rule ID IA Controls Severity
V-13688 WG242 IIS7 SV-32480r1_rule ECAR-1 ECAR-2 ECAR-3 Medium
Description
Log files are a critical component to the successful management of an IS used within the DoD. By generating log files with useful information web administrators can leverage them in the event of a disaster, malicious attack, or other site specific needs.
STIG Date
IIS 7.0 WEB SITE STIG 2013-02-01

Details

Check Text ( C-32795r1_chk )
Follow the procedures below for each site under review:

1. Open the IIS Manager.
2. Click the site name.
3. Click the Logging icon.
4. Under Format select W3C.
5. Click Select Fields, ensure at a minimum the following fields are checked: Date, Time, Client IP Address, User Name, Method, URI Query, Protocol Status, and Referrer. If not, this is a finding.
Fix Text (F-29074r1_fix)
1. Open the IIS Manager.
2. Click the site name.
3. Click the Logging icon.
4. Under Format select W3C.
5. Select the following fields: Date, Time, Client IP Address, User Name, Method, URI Query, Protocol Status, and Referrer.