Does anyone have any recommendation on scanning that is a Member server and an IIS server?
We have selected both L1 CIS controls in a single policy and the scanner is able to scan and correctly identify most Windows Member Server L1 controls (some issues with User based but seems to be random) but on the IIS controls it comes back with nothing for anything IIS specific.
I have a support case open on this but have had it for over a year at this point. So maybe someone in the community has a better idea.