Check: IIST-SI-000258
Microsoft IIS 10.0 Site STIG:
IIST-SI-000258
(in versions v2 r10 through v1 r1)
Title
The application pools rapid fail protection for each IIS 10.0 website must be enabled. (Cat II impact)
Discussion
Rapid fail protection is a feature that interrogates the health of worker processes associated with websites and web applications. It can be configured to perform a number of actions such as shutting down and restarting worker processes that have reached failure thresholds. By not setting rapid fail protection, the web server could become unstable in the event of a worker process crash potentially leaving the web server unusable.
Check Content
Note: If the IIS Application Pool is hosting Microsoft SharePoint, this is Not Applicable. If this IIS 10.0 installation is supporting Microsoft Exchange, and not otherwise hosting any content, this requirement is Not Applicable. Open the IIS 10.0 Manager. Click "Application Pools". Perform the following for each Application Pool: Highlight an Application Pool to review and click "Advanced Settings" in the "Actions" pane. Scroll down to the "Rapid Fail Protection" section and verify the value for "Enabled" is set to "True". If the "Rapid Fail Protection:Enabled" is not set to "True", this is a finding.
Fix Text
Open the IIS 10.0 Manager. Click "Application Pools". Perform the following for each Application Pool: Highlight an Application Pool to review and click "Advanced Settings" in the "Actions" pane. Scroll down to the "Rapid Fail Protection" section and set the value for "Enabled" to "True". Click "OK".
Additional Identifiers
Rule ID: SV-218777r961863_rule
Vulnerability ID: V-218777
Group Title: SRG-APP-000516-WSR-000174
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |