Tuesday, January 25, 2011
Auditing IIS 7 web servers - I'm looking for suggestions
DISA has said, via their FAQ, that the TIM for the IIS 7 STIG is not scheduled until March 1, 2011. My question is, how do you audit IIS 7 installations? I have seen that there are differences between IIS 6 and IIS 7 that preclude using the IIS 6 STIG on an IIS 7 server. Any suggestions?
Subscribe to:
Post Comments (Atom)
One of the alternatives I used to do when working on DIACAP projects was if a STIG was available I then looked at CIS. I would then harden based or validate on their standards.
ReplyDeleteThey currently have a benchmark for II7 you might want use that as an alternative