Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Public web servers must use TLS if authentication is required.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-13694 | WG342 IIS7 | SV-32483r1_rule | ECCT-2 ECCT-1 | Medium |
| Description |
|---|
| Encryption is optional for a public web server. However, if authentication and encryption are used, then the use of TLS is required. |
| STIG | Date |
|---|---|
| IIS 7.0 WEB SITE STIG | 2014-03-25 |
Details
| Check Text ( C-32799r1_chk ) |
|---|
| 1. Open the IIS Manager. 2. Click the site name under review. 3. Double-click SSL icon. 4. Ensure Require SSL and Require 128-bit SSL are checked. If not, this is a finding. |
| Fix Text (F-29075r1_fix) |
|---|
| 1. Open the IIS Manager. 2. Click the site name under review. 3. Double-click SSL icon. 4. Check the Require SSL and Require 128-bit SSL check box. |