
V-218795

CAT I (High)

All IIS 10.0 web server sample code, example applications, and tutorials must be removed from a production IIS 10.0 server.

Rule ID

SV-218795r960963_rule

STIG

Microsoft IIS 10.0 Server Security Technical Implementation Guide

Version

V3R7

CCIs

CCI-000381

Discussion

Web server documentation, sample code, example applications, and tutorials may be an exploitable threat to a web server. A production web server may only contain components that are operationally necessary (i.e., compiled code, scripts, web content, etc.). Delete all directories containing samples and any scripts used to execute the samples.

Check Content

Navigate to the following folders:

inetpub\
Program Files\Common Files\System\msadc
Program Files (x86)\Common Files\System\msadc

If the folder or sub-folders contain any executable sample code, example applications, or tutorials which are not explicitly used by a production website, this is a finding.
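The check above can be supported by a file inventory for the reviewer to work through. The following PowerShell is an added example, not part of the STIG: the extension list, the system-drive location of the folders, the function names, and the CSV file name are assumptions. The `UnderSiteRoot` column is a triage aid only; whether a file is explicitly used by a production website remains a manual decision.

```powershell
# Added example for V-218795; not part of the STIG text.
# Assumption: this extension list is illustrative. The STIG names no extensions.
$ReviewExtensions = '.asp', '.aspx', '.ashx', '.asmx', '.cshtml', '.exe', '.dll',
                    '.bat', '.cmd', '.ps1', '.vbs', '.js', '.htm', '.html'

# Folders from the Check Content. Assumption: they live on the system drive.
$Roots = @(
    (Join-Path $env:SystemDrive 'inetpub'),
    (Join-Path $env:SystemDrive 'Program Files\Common Files\System\msadc'),
    (Join-Path $env:SystemDrive 'Program Files (x86)\Common Files\System\msadc')
)

function Get-SiteRoot {
    # Physical paths of configured IIS sites, with %VAR% expanded and a trailing '\'.
    if (-not (Get-Module -ListAvailable -Name WebAdministration)) { return @() }
    Import-Module WebAdministration
    Get-Website | ForEach-Object {
        [Environment]::ExpandEnvironmentVariables($_.physicalPath).TrimEnd('\') + '\'
    }
}

function Get-SampleContentCandidate {
    param([string[]]$Path = $Roots, [string[]]$Extension = $ReviewExtensions)
    $siteRoots = @(Get-SiteRoot)
    foreach ($root in $Path) {
        # A missing folder (for example msadc on a clean install) is skipped, not an error.
        if (-not (Test-Path -LiteralPath $root -PathType Container)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $Extension -contains $_.Extension } |
            ForEach-Object {
                $file = $_
                # True when the file sits under the physical path of a configured site.
                $underSite = [bool]($siteRoots | Where-Object {
                    $file.FullName.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
                [pscustomobject]@{
                    Root = $root; UnderSiteRoot = $underSite
                    FullName = $file.FullName; LastWriteTime = $file.LastWriteTime
                }
            }
    }
}

# Files outside every site root sort first; they are the likeliest leftovers.
$candidates = @(Get-SampleContentCandidate)
$candidates | Sort-Object UnderSiteRoot, FullName | Format-Table -AutoSize
$candidates | Export-Csv -Path .\V-218795-review.csv -NoTypeInformation
```

Only site root paths are resolved here; content served through applications or virtual directories mapped elsewhere will show `UnderSiteRoot` as false and needs to be checked against the site configuration by hand.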

Fix Text

Remove any executable sample code, example applications, or tutorials which are not explicitly used by a production website.