Help with Web SRG STIG v-56007

I've installed SolarWinds NPM version 11.5 on a pre-hardened Windows 2012r2 VM. I've since been asked to go through the Web SRG DISA STIG checklist to ensure that it's still secure. I've run into the subject checklist item and I have no idea how to comply with it.

Details of the checklist item can be found here:

Cookies exchanged between the web server and the client, such as session cookies, must have cookie properties set to pro…

It expects me to configure the web server to disallow client-side scripts the capability of reading cookie information. I'm not sure if this should be performed in IIS or in SolarWinds Orion. In either case, I have no idea how to perform that kind of configuration adjustment. Has anyone else run into this?

Find more posts tagged with

disa stig

STIG

vulnerability_assessment

Accepted answers

All comments

rfroembgen

This is a similar issue with details how to solve it.

Cookies exchanged between the IIS 8.5 website and the client must have cookie properties set to prohibit client-side scr…

But as i am no expert in how Solarwinds handles the cookies you should do some testing with the Website and if everything works properly after you made the changes.

Best Regards

Rene

jbrown8380

Thanks for your reply. It looks like I need set those properties as defined in that link and also set the HttpOnly property. It's nice that it actually provides steps on how to do it. I think that's more of what I needed anyway. I didn't even know where to look.