I recently installed SolarWinds NPM on a prehardened Windows 2012r2 server. In the process of installing this application it enables what it believes are the necessary IIS components needed in order to operate properly. I've since been asked to go through the Web SRG DISA STIG checklist to ensure that the machine is still secure. I've run into one particular finding that I don't know how to solve. The particular finding is vulnerability v-56007. Details can be found here: https://www.stigviewer.com/stig/web_server_security_requirements_guide/2015-08-28/finding/V-56007
This finding requires that I configure the web server to disallow client-side scripts the capability of reading cookie information.
Does anyone know how to do this? Is it a simple configuration adjustment in IIS?
EDIT: From what I understand, I need to set the HttpOnly flag in the cookie that gets created for the site. I haven't figured out how to do this yet but I'm still researching. If anyone knows exactly how to do that I'd appreciate your comments.