Merge pull request #1517 from microsoft/hinderjd#1508

Update PowerStig to parse/apply Microsoft IIS 10.0 Server STIG - Ver 3, Rel 5#1508

Author: MrAutomater

CHANGELOG.md

@@ -2,6 +2,8 @@
 
 ## [Unreleased]
 
+* Update PowerStig to parse/apply Microsoft IIS 10.0 Server STIG - Ver 3, Rel 5 [#1508](https://github.com/microsoft/PowerStig/issues/1508)
+
 
 ## [4.28.0] - 2025-12-5
 

…S_10-0_Server_STIG_V3R3_Manual-xccdf.log …S_10-0_Server_STIG_V3R5_Manual-xccdf.logsource/StigData/Archive/Web Server/U_MS_IIS_10-0_Server_STIG_V3R3_Manual-xccdf.log renamed to source/StigData/Archive/Web Server/U_MS_IIS_10-0_Server_STIG_V3R5_Manual-xccdf.log source/StigData/Archive/Web Server/U_MS_IIS_10-0_Server_STIG_V3R3_Manual-xccdf.log renamed to source/StigData/Archive/Web Server/U_MS_IIS_10-0_Server_STIG_V3R5_Manual-xccdf.log

@@ -1,6 +1,7 @@
 V-218790::This check does not apply to service account IDs utilized by automated services necessary to process, manage, and store log files::If an account associated with roles other than auditors
 V-218821::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; ValueData = 0; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}
 V-218814::*::HardCodedRule(PermissionRule)@{DscResource = 'NTFSAccessEntry'; AccessControlEntry = @(@{Type = $null; Principal = 'System'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'Administrators'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'TrustedInstaller'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'ALL APPLICATION PACKAGES'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute'}, @{Type = $null; Principal = 'ALL RESTRICTED APPLICATION PACKAGES'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute'}, @{Type = $null; Principal = 'Users'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute,ListDirectory'}, @{Type = $null; Principal = 'CREATOR OWNER'; ForcePrincipal = 'False'; Inheritance = 'Subfolders and files only'; Rights = 'FullControl'}); Force = 'True'; Path = '%SystemDrive%\inetpub'}
+V-218819::*::.
+V-268325::*::.
 V-218805::Under Time-out (in minutes), verify “20 minutes or less” is selected.::Verify the "Time-out (in minutes)" is set to "20 minutes or less".
-V-241788::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'; ValueData = 1; ValueName = 'DisableServerHeader'; ValueType = 'DWORD'}
 

…S_10-0_Server_STIG_V3R3_Manual-xccdf.xml …S_10-0_Server_STIG_V3R5_Manual-xccdf.xmlsource/StigData/Archive/Web Server/U_MS_IIS_10-0_Server_STIG_V3R3_Manual-xccdf.xml renamed to source/StigData/Archive/Web Server/U_MS_IIS_10-0_Server_STIG_V3R5_Manual-xccdf.xml source/StigData/Archive/Web Server/U_MS_IIS_10-0_Server_STIG_V3R3_Manual-xccdf.xml renamed to source/StigData/Archive/Web Server/U_MS_IIS_10-0_Server_STIG_V3R5_Manual-xccdf.xml

@@ -5,5 +5,5 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="3.4" />
+<OrganizationalSettings fullversion="3.4">
 </OrganizationalSettings>

source/StigData/Processed/IISServer-10.0-3.3.org.default.xml

@@ -0,0 +1,8 @@
+<!--
+    The organizational settings file is used to define the local organizations
+    preferred setting within an allowed range of the STIG.
+
+    Each setting in this file is linked by STIG ID and the valid range is in an
+    associated comment.
+-->
+<OrganizationalSettings fullversion="3.5">