Highlighted
Occasional contributor

IIS settings for STIG compliance

We have been tasked with STIGing our 3 server (web, app, beacon server) implementation of FNMS at DHA. Currently, we have 3 open findings for the IIS Site STIGs, which required us to make a modification of the default value to be in compliance.

The 3 findings revolved around the Application Pool Recycling Section for the following:

- Request Limit

- Virtual Memory Limit

- Private Memory Limit

Each of them has a default value of zero, which its consider a finding. The question is, what are the recommended value for this fields to ensure we are in compliance and FNMS works without issues.

I have attached the 3 STIGs with more information. 

1 Reply
Highlighted
Flexera
Flexera

Re: IIS settings for STIG compliance

From what I have seen, I don't believe that Flexera has a recommendation for what these three settings should be for the Security Technical Implementation Guides (STIG) that you mentioned. Looking through everything at my disposal, I have not been able to find any recommendations for these settings 

I am only human; anything said is my view or from my own experience and not necessarily that of Flexera.
If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".