The IIS 10.0 website must have a unique application pool.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-218771 | IIST-SI-000251 | SV-218771r1192784_rule | CCI-000366 | medium |
| Description | ||||
| Application pools isolate sites and applications to address reliability, availability, and security issues. Sites and applications may be grouped according to configurations, although each site will be associated with a unique application pool. | ||||
| STIG | Date | |||
| Microsoft IIS 10.0 Site Security Technical Implementation Guide | 2026-02-26 | |||
Details
Check Text (C-218771r1192784_chk)
Note: If the IIS Application Pool is hosting Microsoft SharePoint, this is not applicable.
Note: If the IIS 10.0 installation is supporting Microsoft Exchange and is not otherwise hosting any content, this requirement is not applicable.
Open the IIS 10.0 Manager.
Click "Application Pools".
In the list of Application Pools, right-click any Application Pool, and select View Applications.
Remove the filter using the prompt.
Compare the Site and Application Pool columns. If any Application Pools are being used for more than one Site, this is a finding.
Fix Text (F-20242r311212_fix)
Open the IIS 10.0 Manager.
Click the site name under review.
Assign a unique application pool to each website.