Check: IIST-SI-000255
Microsoft IIS 10.0 Site STIG:
IIST-SI-000255
(in versions v2 r4 through v1 r1)
Title
The application pool for each IIS 10.0 website must have a recycle time explicitly set. (Cat II impact)
Discussion
Application pools can be periodically recycled to avoid unstable states possibly leading to application crashes, hangs, or memory leaks.
Check Content
Note: If the IIS Application Pool is hosting Microsoft SharePoint, this is Not Applicable. If this IIS 10.0 installation is supporting Microsoft Exchange, and not otherwise hosting any content, this requirement is Not Applicable. Open the IIS 10.0 Manager. Perform the following for each Application Pool: Click "Application Pools". Highlight an Application Pool and click "Advanced Settings" in the "Action" Pane. Scroll down to the "Recycling" section and expand the "Generate Recycle Event Log Entry" section. Verify both the "Regular time interval" and "Specific time" options are set to "True". If both the "Regular time interval" and "Specific time" options are not set to "True", this is a finding.
Fix Text
Open the IIS 10.0 Manager. Click "Application Pools". Perform the following for each Application Pool: Highlight an Application Pool and click "Advanced Settings" in the "Action" Pane. Scroll down to the "Recycling" section and expand the "Generate Recycle Event Log Entry" section. Set both the "Regular time interval" and "Specific time" options to "True".
Additional Identifiers
Rule ID: SV-218775r558649_rule
Vulnerability ID: V-218775
Group Title: SRG-APP-000516-WSR-000174
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |