Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Remote authors or content providers will only use secure encrypted logons and connections to upload files to the Document Root directory.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-13686 | WG235 | SV-14278r2_rule | EBRP-1 EBRU-1 | High |
| Description |
|---|
| Logging in to a web server via a telnet session or using HTTP or FTP in order to upload documents to the web site is a risk if proper encryption is not utilized to protect the data being transmitted. A secure shell service or HTTPS needs to be installed and in use for these purposes. |
| STIG | Date |
|---|---|
| IIS 7.0 WEB SITE STIG | 2016-02-11 |
Details
| Check Text ( C-30006r1_chk ) |
|---|
| Query the SA to determine if there is a process for the uploading of files to the web site. This process should include the requirement for the use of a secure encrypted logon and secure encrypted connection. If the remote users are uploading files without utilizing approved encryption methods, this is a finding. |
| Fix Text (F-26857r1_fix) |
|---|
| Use only secure encrypted logons and connections for uploading files to the web site. |