Public web servers must use TLS if authentication is required.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-13694 | WG342 IIS7 | SV-32483r1_rule | ECCT-2 ECCT-1 | Medium |
| Description |
|---|
| Encryption is optional for a public web server. However, if authentication and encryption are used, then the use of TLS is required. |
| STIG | Date |
|---|---|
| IIS 7.0 WEB SITE STIG | 2014-03-25 |
Details
| Check Text ( C-32799r1_chk ) |
|---|
| 1. Open the IIS Manager. 2. Click the site name under review. 3. Double-click SSL icon. 4. Ensure Require SSL and Require 128-bit SSL are checked. If not, this is a finding. |
| Fix Text (F-29075r1_fix) |
|---|
| 1. Open the IIS Manager. 2. Click the site name under review. 3. Double-click SSL icon. 4. Check the Require SSL and Require 128-bit SSL check box. |