Security Technical Implementation Guides (STIGs)

Vulnerability ID	Severity	Description
V-218804	Medium	The IIS 10.0 web server must use cookies to track session state
V-218805	Medium	The IIS 10.0 web server must accept only system-generated session identifiers