UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

A private web server must utilize TLS v 1.0 or greater.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2262 WG340 IIS7 SV-32334r2_rule ECSC-1 Medium
Description
TLS encryption is a required security setting for a private web server. Encryption of private information is essential to ensuring its confidentiality. If private information is not encrypted, it could be intercepted and easily read by an unauthorized party.
STIG Date
IIS 7.0 WEB SITE STIG 2014-01-09

Details

Check Text ( C-32740r3_chk )
1. Open the IIS Manager.
2. Click the site name under review.
3. Double click the SSL Icon.
4. Ensure Require SSL and Require SSL 128-Bit are checked.

Note: If the Require SSL 128-Bit setting is not visible, the setting can be viewed by clicking the site under review and then opening the Configuration Editor. Switch to the section, the dropdown at the top of the configuration editor, system.webServer/security/access. The value for sslFlags should be ssl128.

If not, this is a finding.
Fix Text (F-29067r3_fix)
1. Open the IIS Manager.
2. Click the site name under review.
3. Double click the SSL Icon.
4. Click the Require SSL and Require SSL 128-Bit check boxes.

Note: If the Require SSL 128-Bit setting is not visible, the setting can be set by clicking the site node and then opening the Configuration Editor. Switch to the section, the dropdown at the top of the configuration editor, system.webServer/security/access. Click the value beside the sslFlags and select ssl128 in the dropdown list.