Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-214473 | IISW-SI-000234 | SV-214473r508659_rule | Medium |
Description |
---|
Setting compilation debug to false ensures detailed error information does not inadvertently display during live application usage, mitigating the risk of application information being displayed to users. |
STIG | Date |
---|---|
Microsoft IIS 8.5 Site Security Technical Implementation Guide | 2020-09-25 |
Check Text ( C-15682r310623_chk ) |
---|
Note: If the ".NET feature" is not installed, this check is Not Applicable. Follow the procedures below for each site hosted on the IIS 8.5 web server: Open the IIS 8.5 Manager. Click the site name under review. Double-click ".NET Compilation". Scroll down to the "Behavior" section and verify the value for "Debug" is set to "False". If the "Debug" value is not set to "False", this is a finding. |
Fix Text (F-15680r310624_fix) |
---|
Follow the procedures below for each site hosted on the IIS 8.5 web server: Open the IIS 8.5 Manager. Click the site name under review. Double-click ".NET Compilation". Scroll down to the "Behavior" section and set the value for "Debug" to "False". |