The IIS 8.5 websites must utilize ports, protocols, and services according to PPSM guidelines.

From IIS 8.5 Site Security Technical Implementation Guide

Part of SRG-APP-000383-WSR-000175

Associated with: CCI-001762

SV-91543r1_rule The IIS 8.5 websites must utilize ports, protocols, and services according to PPSM guidelines.

Vulnerability discussion

Web servers provide numerous processes, features, and functionalities that utilize TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system.The web server must provide the capability to disable or deactivate network-related services that are deemed to be non-essential to the server mission, are too unsecure, or are prohibited by the PPSM CAL and vulnerability assessments.Failure to comply with DoD ports, protocols, and services (PPS) requirements can result in compromise of enclave boundary protections and/or functionality of the AIS.The ISSM will ensure web servers are configured to use only authorized PPS in accordance with the Network Infrastructure STIG, DoD Instruction 8551.1, Ports, Protocols, and Services Management (PPSM), and the associated Ports, Protocols, and Services (PPS) Assurance Category Assignments List.

Check content

Review the website to determine if HTTP and HTTPs (e.g., 80 and 443) are used in accordance with those ports and services registered and approved for use by the DoD PPSM. Any variation in PPS will be documented, registered, and approved by the PPSM. Follow the procedures below for each site hosted on the IIS 8.5 web server: Open the IIS 8.5 Manager. Click the site name under review. In the “Action” Pane, click “Bindings”. Review the ports and protocols. If unknown ports or protocols are used, then this is a finding.

Fix text

Follow the procedures below for each site hosted on the IIS 8.5 web server: Open the IIS 8.5 Manager. Click the site name under review. In the “Action” Pane, click “Bindings". Edit to change an existing binding and set the correct ports and protocol.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer