UCF STIG Viewer Logo

Debugging and trace information used to diagnose the IIS 10.0 website must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-218761 IIST-SI-000234 SV-218761r558649_rule Medium
Description
Setting compilation debug to false ensures detailed error information does not inadvertently display during live application usage, mitigating the risk of application information being displayed to users.
STIG Date
Microsoft IIS 10.0 Site Security Technical Implementation Guide 2021-12-28

Details

Check Text ( C-20234r311181_chk )
Note: If the ".NET feature" is not installed, this check is Not Applicable.

Follow the procedures below for each site hosted on the IIS 10.0 web server:

Open the IIS 10.0 Manager.

Click the site name under review.

Double-click ".NET Compilation".

Scroll down to the "Behavior" section and verify the value for "Debug" is set to "False".

If the "Debug" value is not set to "False", this is a finding.
Fix Text (F-20232r311182_fix)
Follow the procedures below for each site hosted on the IIS 10.0 web server:

Open the IIS 10.0 Manager.

Click the site name under review.

Double-click ".NET Compilation".

Scroll down to the "Behavior" section and set the value for "Debug" to "False".