STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Microsoft IIS 10.0 Site Security Technical Implementation Guide

V-218771

CAT II (Medium)

The IIS 10.0 website must have a unique application pool.

Rule ID

SV-218771r1192784_rule

STIG

Microsoft IIS 10.0 Site Security Technical Implementation Guide

Version

V2R15

CCIs

CCI-000366

Discussion

Application pools isolate sites and applications to address reliability, availability, and security issues. Sites and applications may be grouped according to configurations, although each site will be associated with a unique application pool.

Check Content

Note: If the IIS Application Pool is hosting Microsoft SharePoint, this is not applicable.

Note: If the IIS 10.0 installation is supporting Microsoft Exchange and is not otherwise hosting any content, this requirement is not applicable.

Open the IIS 10.0 Manager.

Click "Application Pools".

In the list of Application Pools, right-click any Application Pool, and select View Applications.

Remove the filter using the prompt.

Compare the Site and Application Pool columns. If any Application Pools are being used for more than one Site, this is a finding.

Fix Text

Open the IIS 10.0 Manager.

Click the site name under review.

Assign a unique application pool to each website.