Check: IIST-SI-000224
Microsoft IIS 10.0 Site STIG:
IIST-SI-000224
(in version v2 r10)
Title
The IIS 10.0 website document directory must be in a separate partition from the IIS 10.0 websites system files. (Cat II impact)
Discussion
The content database is accessed by multiple anonymous users when the web server is in production. By locating the content database on the same partition as the web server system file, the risk for unauthorized access to these protected files is increased. Additionally, having the content database path on the same drive as the system folders also increases the potential for a drive space exhaustion attack.
Check Content
Note: If this server is hosting WSUS, this requirement is Not Applicable. Note: If this IIS 10.0 installation is supporting Microsoft Exchange, and not otherwise hosting any content, this requirement is Not Applicable. Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name under review. Click the "Advanced Settings" from the "Actions" pane. Review the Physical Path. If the Path is on the same partition as the OS, this is a finding.
Fix Text
Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name under review. Click the "Advanced Settings" from the "Actions" pane. Change the Physical Path to the new partition and directory location.
Additional Identifiers
Rule ID: SV-218752r1022687_rule
Vulnerability ID: V-218752
Group Title: SRG-APP-000233-WSR-000146
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001084 |
Isolate security functions from nonsecurity functions. |
Controls
Number | Title |
---|---|
SC-3 |
Security Function Isolation |