Debugging and trace information used to diagnose the IIS 10.0 website must be disabled.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-218761	SRG-APP-000266-WSR-000160	IIST-SI-000234	SV-218761r961167_rule	2025-02-11	2

Description
Setting compilation debug to false ensures detailed error information does not inadvertently display during live application usage, mitigating the risk of application information being displayed to users.

ℹ️ Check
Note: If the server being reviewed is hosting SharePoint, this is Not Applicable. Note: If the ".NET feature" is not installed, this check is Not Applicable. Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name under review. Double-click ".NET Compilation". Scroll down to the "Behavior" section and verify the value for "Debug" is set to "False". If the "Debug" value is not set to "False", this is a finding.

ℹ️ Check

Note: If the server being reviewed is hosting SharePoint, this is Not Applicable. Note: If the ".NET feature" is not installed, this check is Not Applicable. Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name under review. Double-click ".NET Compilation". Scroll down to the "Behavior" section and verify the value for "Debug" is set to "False". If the "Debug" value is not set to "False", this is a finding.

✔️ Fix
Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name under review. Double-click ".NET Compilation". Scroll down to the "Behavior" section and set the value for "Debug" to "False".