CIS IIS 10 Benchmark

CIS IIS 10 Benchmark, continuously evidenced.

The CIS Microsoft IIS 10 Benchmark v1.2.1 defines 55 security controls covering Internet Information Services 10 hardening: basic configuration, authentication, logging, request filtering, SSL/TLS configuration, and ASP.NET settings. CISGuard's agent runs on IIS hosts (Windows Server with IIS role installed), validating every control with per-site evidence.

Database & Web Server · Agent · All tier
Quick Facts

IIS 10 benchmark at a glance.

  • Benchmark version: v1.2.1
  • Total controls: 55
  • Scan type: Agent
  • Available tier: All plans
  • Category: Database & Web Server
  • Drift detection: Yes, between every scheduled scan
Coverage

What this benchmark actually covers.

  • Basic configuration (server header, anonymous identity)
  • Authentication (Windows, basic, anonymous, forms)
  • Logging (W3C, fields, location)
  • Request filtering (file extensions, verbs, query strings)
  • SSL/TLS configuration (HTTPS, HSTS, TLS versions)
  • ASP.NET settings
Frequently Asked

IIS 10 questions, answered directly.

Does CISGuard support IIS on older Windows Server versions?

Yes. IIS 10 ships with Windows Server 2016, 2019, 2022, and 2025. CISGuard supports IIS scanning across all of these. For older IIS versions (IIS 8.5 on Windows Server 2012 R2), the corresponding CIS benchmarks apply.

Can CISGuard validate TLS configuration?

Yes. The CIS IIS 10 Benchmark requires TLS 1.2 or higher, deprecated cipher suites disabled, and HSTS enforced for HTTPS sites. CISGuard validates each TLS-related control with per-site and per-binding evidence. Deprecated TLS versions that are enabled (TLS 1.0, 1.1) are flagged as control failures.

Does CISGuard scan per-site or per-server?

Both. Server-level controls (TLS configuration, server headers) apply once per IIS instance. Site-level controls (request filtering, authentication mode, logging configuration) evaluate per site. CISGuard's reporting shows server-level and per-site evidence with drill-down to specific failures.

Want an IIS 10 scan of your environment?

Our compliance engineers will scope your environment and quote within one business day of an initial briefing.