The Common Criteria validation of Windows Server 2003 R2 includes IIS as a web server. Please see the Security Target for details:

http://www.niap-ccevs.org/cc-scheme/st/vid10184/