The IIS 10.0 web server must maintain the confidentiality of controlled information during transmission through the use of an approved Transport Layer Security (TLS) version.
Overview
Finding ID
Version
Rule ID
IA Controls
Severity
V-218822
IIST-SV-000154
SV-218822r961632_rule
Medium
Description
TLS is a required transmission protocol for a web server hosting controlled information. The use of TLS provides confidentiality of data in transit between the web server and client. FIPS 140-2-approved TLS versions must be enabled and non-FIPS-approved SSL versions must be disabled.
NIST SP 800-52 defines the approved TLS versions for government applications.