I want to thank the anonymous commenter on my previous post regarding IIS 7. I was out testing this past week on a very long engagement when our team came across two IIS 7 servers. After learning of the servers' existence, I went to the Center for Internet Security's benchmark tools and downloaded their IIS 7 Benchmark, which is at version 1.0. (I would link directly to it, but you need to fill out a form first - and the link is wonky after filling out the form.)
I used the guide to go through the IIS servers, and I have to say it's pretty easy and straightforward. Of course, the guide is not as in-depth as a typical DISA STIG/checklist, but it covered much of the low-hanging fruit. The guide was easy to read, easy to follow, and even gave remediation advice. I wholeheartedly recommend the guide for auditing IIS 7 servers until DISA puts out an official checklist.