Auditing IIS 7 web servers - I'm looking for suggestions

DISA has said, via their FAQ, that the TIM for the IIS 7 STIG is not scheduled until March 1, 2011.  My question is, how do you audit IIS 7 installations?  I have seen that there are differences between IIS 6 and IIS 7 that preclude using the IIS 6 STIG on an IIS 7 server.  Any suggestions?

  1. One of the alternatives I used to do when working on DIACAP projects was, if a STIG was available, I then looked at CIS. I would then harden or validate based on their standards.

    They currently have a benchmark for IIS 7; you might want to use that as an alternative.