IIS hardening with CIS standards - tools and options

Question

Hello IIS experts. Please suggest on best strategy for hardening on-prem IIS farm to CIS standards. I'm also interested in recurring audit of the results.There is a number of commercial products allowing to scan IIS for CIS Benchmarks.The latest "CIS Benchmark for Microsoft IIS 10" available to download in PDF format free of charge at https://www.cisecurity.org/cis-benchmarks/. However in this instance CIS does not offer "Build kit". Depends on product to be hardened, CIS "build kit" can be set of scripts, GPO policy or similar to allow rapid hardening deployment.Since there is no Official build kit I'm looking for alternatives. Can you please share your experience on this subject? I found few blogs but those are quite old.

sergg · Answer

1 month is passed, just checking if anyone has some good advice on the most optimal method. Thanks.

tkonick · Answer

Almost a year since you've posted this, not sure if necromancing but I have some PDF's that are useful.

jytte_s_frandsen · Answer

tkonick&nbsp;Hi, would you like to share your useful links? I have the same challenge. BR Jytte

sergg · Answer

To anyone interested, i ended up using https://github.com/fbprogmbh/Audit-Test-Automation FREE tool to scan and then manually tune IIS until most of the IIS CIS settings were green. It is really good.If you are ready yo pay you can get a version which is able to harden the settings. It is from the same company - https://www.fb-pro.com/en/

sergg · Answer

And the PDFs you can download from https://workbench.cisecurity.org/ after registering. there is also a forum of CIS experts on https://workbench.cisecurity.org/ one per hardened product. you can try asking your questions there.

Forum Discussion

IIS hardening with CIS standards - tools and options

6 Replies

Resources