Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-76837 | IISW-SI-000234 | SV-91533r1_rule | Medium |
Description |
---|
Setting compilation debug to false ensures detailed error information does not inadvertently display during live application usage, mitigating the risk of application information being displayed to users. |
STIG | Date |
---|---|
IIS 8.5 Site Security Technical Implementation Guide | 2018-04-06 |
Check Text ( C-76493r1_chk ) |
---|
Note: If the ".NET feature" is not installed, this check is Not Applicable. Follow the procedures below for each site hosted on the IIS 8.5 web server: Open the IIS 8.5 Manager. Click the site name under review. Double-click ".NET Compilation". Scroll down to the "Behavior" section and verify the value for "Debug" is set to "False". If the "Debug" value is not set to "False", this is a finding. |
Fix Text (F-83533r1_fix) |
---|
Follow the procedures below for each site hosted on the IIS 8.5 web server: Open the IIS 8.5 Manager. Click the site name under review. Double-click ".NET Compilation". Scroll down to the "Behavior" section and set the value for "Debug" to "False". |