Debugging and trace information used to diagnose the IIS 10.0 website must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-218761 | IIST-SI-000234 | SV-218761r961167_rule | CCI-001312 | medium |
| Description | ||||
| Setting compilation debug to false ensures detailed error information does not inadvertently display during live application usage, mitigating the risk of application information being displayed to users. | ||||
| STIG | Date | |||
| Microsoft IIS 10.0 Site Security Technical Implementation Guide | 2025-06-09 | |||
Details
Check Text (C-218761r961167_chk)
Note: If the server being reviewed is hosting SharePoint, this is Not Applicable.
Note: If the ".NET feature" is not installed, this check is Not Applicable.
Follow the procedures below for each site hosted on the IIS 10.0 web server:
Open the IIS 10.0 Manager.
Click the site name under review.
Double-click ".NET Compilation".
Scroll down to the "Behavior" section and verify the value for "Debug" is set to "False".
If the "Debug" value is not set to "False", this is a finding.
Fix Text (F-20232r311182_fix)
Follow the procedures below for each site hosted on the IIS 10.0 web server:
Open the IIS 10.0 Manager.
Click the site name under review.
Double-click ".NET Compilation".
Scroll down to the "Behavior" section and set the value for "Debug" to "False".