A private web server must utilize TLS v 1.0 or greater.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2262 | WG340 IIS7 | SV-32334r1_rule | ECSC-1 | Medium |
| Description |
|---|
| TLS encryption is a required security setting for a private web server. Encryption of private information is essential to ensuring its confidentiality. If private information is not encrypted, it could be intercepted and easily read by an unauthorized party. |
| STIG | Date |
|---|---|
| IIS 7.0 WEB SITE STIG | 2013-02-01 |
Details
| Check Text ( C-32740r1_chk ) |
|---|
| 1. Open the IIS Manager. 2. Click the site name under review. 3. Double click the SSL Icon. 4. Ensure Require SSL and Require SSL 128-Bit are checked. If not, this is a finding. |
| Fix Text (F-29067r1_fix) |
|---|
| 1. Open the IIS Manager. 2. Click the site name under review. 3. Double click the SSL Icon. 4. Click the Require SSL and Require SSL 128-Bit check boxes. |