IIS hardening with CIS standards - tools and options


Hello IIS experts. Please suggest on best strategy for hardening on-prem IIS farm to CIS standards. I'm also interested in recurring audit of the results.

There are a number of commercial products that allow scanning IIS against the CIS Benchmarks.

The latest "CIS Benchmark for Microsoft IIS 10" is available to download in PDF format free of charge at https://www.cisecurity.org/cis-benchmarks/. However, in this instance CIS does not offer a "Build Kit". Depending on the product to be hardened, a CIS "Build Kit" can be a set of scripts, a GPO policy or similar to allow rapid hardening deployment.

Since there is no official Build Kit, I'm looking for alternatives. Can you please share your experience on this subject? I found a few blogs, but those are quite old.

6 Replies

1 month has passed, just checking if anyone has some good advice on the most optimal method. Thanks.

Almost a year since you've posted this, not sure if necromancing, but I have some PDFs that are useful.

@tkonick Hi, would you like to share your useful links? I have the same challenge. BR Jytte

To anyone interested, I ended up using the FREE tool at https://github.com/fbprogmbh/Audit-Test-Automation to scan, and then manually tuned IIS until most of the IIS CIS settings were green. It is really good.
If you are ready to pay, you can get a version which is able to harden the settings. It is from the same company - https://www.fb-pro.com/en/
And the PDFs you can download from https://workbench.cisecurity.org/ after registering. There is also a forum of CIS experts on https://workbench.cisecurity.org/, one per hardened product. You can try asking your questions there.
https://github.com/coguardio/coguard-cli contains the CIS benchmarks regarding the configuration files.
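For the "recurring audit" part of the question, the following is an added example (not code from the thread, the Audit-Test-Automation project or CIS) of a small scheduled check built on the WebAdministration cmdlets that ship with IIS. The check list, the CIS item numbers and the expected values are assumptions based on my reading of the IIS 10 benchmark; confirm each row against the PDF you download from the CIS site before relying on it.

```powershell
# Added example: a minimal recurring CIS-style audit of server-level IIS settings.
# Requires the IIS management tools (WebAdministration module) and an elevated session.
Import-Module WebAdministration

# One row per benchmark item. Filter/Attr are real applicationHost.config paths;
# the CIS numbers and Expect values are ASSUMED - verify them against the benchmark PDF.
$IisCisChecks = @(
    @{ Id='1.3'; Name='Directory browsing disabled'
       Filter='system.webServer/directoryBrowse'; Attr='enabled'; Expect=$false }
    @{ Id='3.3'; Name='Detailed errors not sent to remote clients'
       Filter='system.webServer/httpErrors'; Attr='errorMode'
       Expect={ param($v) "$v" -in 'DetailedLocalOnly','Custom' } }
    @{ Id='4.1'; Name='maxAllowedContentLength set (<= 30 MB assumed)'
       Filter='system.webServer/security/requestFiltering/requestLimits'
       Attr='maxAllowedContentLength'; Expect={ param($v) [int64]$v -le 30000000 } }
    @{ Id='4.5'; Name='allowHighBitCharacters disabled'
       Filter='system.webServer/security/requestFiltering'; Attr='allowHighBitCharacters'; Expect=$false }
    @{ Id='4.6'; Name='allowDoubleEscaping disabled'
       Filter='system.webServer/security/requestFiltering'; Attr='allowDoubleEscaping'; Expect=$false }
)

function Invoke-IisCisAudit {
    foreach ($c in $IisCisChecks) {
        $raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter $c.Filter -Name $c.Attr
        # Boolean/numeric attributes come back as ConfigurationAttribute objects; unwrap .Value if present.
        $actual = if ($null -ne $raw -and $raw.PSObject.Properties['Value']) { $raw.Value } else { $raw }
        $pass = if ($c.Expect -is [scriptblock]) { [bool](& $c.Expect $actual) } else { $actual -eq $c.Expect }
        [pscustomobject]@{
            CisId  = $c.Id
            Check  = $c.Name
            Actual = $actual
            Result = $(if ($pass) { 'PASS' } else { 'FAIL' })
        }
    }
}

# Run once now and keep a dated CSV so successive runs can be diffed.
# Register this script as a scheduled task (e.g. weekly, running as a local admin) for the recurring audit.
$report = Invoke-IisCisAudit
$report | Format-Table -AutoSize
$outDir = 'C:\IISAudit'   # assumed location; create it or change it to suit your farm
if (-not (Test-Path $outDir)) { New-Item -ItemType Directory -Path $outDir | Out-Null }
$report | Export-Csv -Path (Join-Path $outDir ("iis-cis-{0:yyyyMMdd-HHmm}.csv" -f (Get-Date))) -NoTypeInformation
```

Note that these checks cover only the server-wide (`MACHINE/WEBROOT/APPHOST`) level; per-site overrides live under each site's path (e.g. `IIS:\Sites\<name>`) and would need the same checks repeated with that `-PSPath`.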