UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Debugging and trace information used to diagnose the IIS 8.5 website must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-214473 IISW-SI-000234 SV-214473r508659_rule Medium
Description
Setting compilation debug to false ensures detailed error information does not inadvertently display during live application usage, mitigating the risk of application information being displayed to users.
STIG Date
Microsoft IIS 8.5 Site Security Technical Implementation Guide 2020-09-25

Details

Check Text ( C-15682r310623_chk )
Note: If the ".NET feature" is not installed, this check is Not Applicable.

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.

Click the site name under review.

Double-click ".NET Compilation".

Scroll down to the "Behavior" section and verify the value for "Debug" is set to "False".

If the "Debug" value is not set to "False", this is a finding.
Fix Text (F-15680r310624_fix)
Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.

Click the site name under review.

Double-click ".NET Compilation".

Scroll down to the "Behavior" section and set the value for "Debug" to "False".