UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The log data and records from the IIS 8.5 web server must be backed up onto a different system or media.


Overview

Finding ID Version Rule ID IA Controls Severity
V-214406 IISW-SV-000116 SV-214406r879582_rule Medium
Description
Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up log records to an unrelated system or onto separate media than the system the web server is actually running on helps to assure that, in the event of a catastrophic system failure, the log records will be retained.
STIG Date
Microsoft IIS 8.5 Server Security Technical Implementation Guide 2023-03-09

Details

Check Text ( C-15616r310266_chk )
The IIS 8.5 web server and website log files should be backed up by the system backup.

To determine if log files are backed up by the system backup, determine the location of the web server log files and each website's log files.

Open the IIS 8.5 Manager.

Click the IIS 8.5 server name.

Click the "Logging" icon.

Under "Log File" >> "Directory" obtain the path of the log file.

Once all locations are known, consult with the System Administrator to review the server's backup procedure and policy.

Verify the paths of all log files are part of the system backup.
Verify log files are backed up to an unrelated system or onto separate media than the system the web server is running on.

If the paths of all log files are not part of the system backup and/or not backed up to a separate media, this is a finding.
Fix Text (F-15614r310267_fix)
Configure system backups to include the directory paths of all IIS 8.5 web server and website log files.