Access the IIS 10.0 Web Server.
Open IIS Manager.
Click the IIS 10.0 web server name.
Open Configuration Editor under Management.
For the Section, navigate to system.applicationHost/sites.
Expand siteDefaults and HSTS.
If enabled is not set to True, this is a finding.
If includeSubDomains is not set to True, this is a finding.
If max-age is not set to a value greater than 0, this is a finding.
If redirectHttpToHttps is not True, this is a finding.
If the website is behind a load balancer or proxy server, and HSTS enablement is handled there, this is Not Applicable.
If the version of Windows Server does not natively support HSTS, this is not a finding.
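
The same four checks can be scripted against applicationHost.config instead of clicking through Configuration Editor. The following is an added example, not part of the original check text; the function name Test-HstsSiteDefaults and the sample configuration are constructed for illustration. It assumes attributes omitted from the file hold their IIS defaults (false, or 0 for max-age), and the load balancer and Windows Server version exceptions still need to be judged manually.

```powershell
function Test-HstsSiteDefaults {
    param([Parameter(Mandatory)][xml]$Config)

    $hsts = $Config.SelectSingleNode(
        '/configuration/system.applicationHost/sites/siteDefaults/hsts')

    # An attribute missing from the file takes its IIS default, so a missing
    # attribute (or a missing <hsts> element) is evaluated as that default.
    $defaults = [ordered]@{
        'enabled'             = 'false'
        'includeSubDomains'   = 'false'
        'max-age'             = '0'
        'redirectHttpToHttps' = 'false'
    }

    foreach ($name in $defaults.Keys) {
        $value = $defaults[$name]
        if ($null -ne $hsts -and $hsts.HasAttribute($name)) {
            $value = $hsts.GetAttribute($name)
        }
        # max-age must be greater than 0; the other three must be True.
        if ($name -eq 'max-age') {
            $compliant = [int64]$value -gt 0
        } else {
            $compliant = [bool]::Parse($value)
        }
        [pscustomobject]@{ Setting = $name; Value = $value; Finding = -not $compliant }
    }
}

# Constructed sample: HSTS is enabled, but includeSubDomains is left at its default.
[xml]$sample = @'
<configuration>
  <system.applicationHost>
    <sites>
      <siteDefaults>
        <hsts enabled="true" max-age="31536000" redirectHttpToHttps="true" />
      </siteDefaults>
    </sites>
  </system.applicationHost>
</configuration>
'@
Test-HstsSiteDefaults -Config $sample | Format-Table -AutoSize

# On a server, load the live file instead (default IIS location):
# [xml]$live = Get-Content "$env:windir\System32\inetsrv\config\applicationHost.config" -Raw
# Test-HstsSiteDefaults -Config $live
```

Any row with Finding set to True corresponds to one of the finding conditions listed above.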