|Finding ID||Version||Rule ID||IA Controls||Severity|
|A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. The web server must provide the capability to disable, uninstall, or deactivate functionality and services deemed non-essential to the web server mission or that adversely impact server performance.|
|Microsoft IIS 10.0 Server Security Technical Implementation Guide||2022-12-09|
|Check Text ( C-20265r310854_chk )|
| Click “Start”. |
Open Control Panel.
Click “Programs and Features”.
Review the installed programs. If any programs are installed other than those required for the IIS 10.0 web services, this is a finding.
Note: If additional software is needed, supporting documentation must be signed by the ISSO.
|Fix Text (F-20263r310855_fix)|
|Remove all unapproved programs and roles from the production IIS 10.0 web server.|