DISA has said, via their
FAQ, that the TIM for the IIS 7 STIG is not scheduled until March 1, 2011. My question is, how do you audit IIS 7 installations? I have seen that there are differences between IIS 6 and IIS 7 that preclude using the IIS 6 STIG on an IIS 7 server. Any suggestions?
One of the alternatives I used to do when working on DIACAP projects was if a STIG was available I then looked at CIS. I would then harden based or validate on their standards.
ReplyDeleteThey currently have a benchmark for II7 you might want use that as an alternative