Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-2262 | WG340 IIS7 | SV-32334r1_rule | ECSC-1 | Medium |
Description |
---|
TLS encryption is a required security setting for a private web server. Encryption of private information is essential to ensuring its confidentiality. If private information is not encrypted, it could be intercepted and easily read by an unauthorized party. |
STIG | Date |
---|---|
IIS 7.0 WEB SITE STIG | 2013-02-01 |
Check Text ( C-32740r1_chk ) |
---|
1. Open the IIS Manager. 2. Click the site name under review. 3. Double click the SSL Icon. 4. Ensure Require SSL and Require SSL 128-Bit are checked. If not, this is a finding. |
Fix Text (F-29067r1_fix) |
---|
1. Open the IIS Manager. 2. Click the site name under review. 3. Double click the SSL Icon. 4. Click the Require SSL and Require SSL 128-Bit check boxes. |