| 1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented | |
| 1.2 Ensure the Server Is Not a Multi-Use System | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3 Ensure Apache Is Installed From the Appropriate Binaries | CONFIGURATION MANAGEMENT |
| 2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled | CONFIGURATION MANAGEMENT |
| 2.2 Ensure the Log Config Module Is Enabled | AUDIT AND ACCOUNTABILITY |
| 2.3 Ensure the WebDAV Modules Are Disabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.4 Ensure the Status Module Is Disabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.5 Ensure the Autoindex Module Is Disabled | CONFIGURATION MANAGEMENT |
| 2.6 Ensure the Proxy Modules Are Disabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.7 Ensure the User Directories Module Is Disabled | CONFIGURATION MANAGEMENT |
| 2.8 Ensure the Info Module Is Disabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.9 Ensure the Basic and Digest Authentication Modules are Disabled - auth_basic_module | SYSTEM AND INFORMATION INTEGRITY |
| 2.9 Ensure the Basic and Digest Authentication Modules are Disabled - auth_digest_module | SYSTEM AND INFORMATION INTEGRITY |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'apache account is configured' | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd services are running as apache user' | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf Group = apache' | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf User = apache' | ACCESS CONTROL |
| 3.2 Ensure the Apache User Account Has an Invalid Shell | ACCESS CONTROL |
| 3.3 Ensure the Apache User Account Is Locked | ACCESS CONTROL |
| 3.4 Ensure Apache Directories and Files Are Owned By Root | ACCESS CONTROL |
| 3.5 Ensure the Group Is Set Correctly on Apache Directories and Files | ACCESS CONTROL |
| 3.6 Ensure Other Write Access on Apache Directories and Files Is Restricted | ACCESS CONTROL |
| 3.7 Ensure the Core Dump Directory Is Secured | ACCESS CONTROL |
| 3.8 Ensure the Lock File Is Secured - 'LockFile directory' | ACCESS CONTROL |
| 3.8 Ensure the Lock File Is Secured - 'LockFile on local hard drive' | ACCESS CONTROL |
| 3.8 Ensure the Lock File Is Secured - 'LockFile permissions' | ACCESS CONTROL |
| 3.9 Ensure the Pid File Is Secured - 'PidFile directory' | ACCESS CONTROL |
| 3.9 Ensure the Pid File Is Secured - 'PidFile permissions' | ACCESS CONTROL |
| 3.10 Ensure the ScoreBoard File Is Secured | ACCESS CONTROL |
| 3.11 Ensure Group Write Access for the Apache Directories and Files Is Properly Restricted | ACCESS CONTROL |
| 3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted | ACCESS CONTROL |
| 3.13 Ensure Access to Special Purpose Application Writable Directories is Properly Restricted | ACCESS CONTROL |
| 4.1 Ensure Access to OS Root Directory Is Denied By Default | ACCESS CONTROL |
| 4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Allow directives exist' | ACCESS CONTROL |
| 4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf Require all denied' | ACCESS CONTROL |
| 4.2 Ensure Appropriate Access to Web Content Is Allowed | ACCESS CONTROL |
| 4.3 Ensure OverRide Is Disabled for the OS Root Directory - AllowOverride None | ACCESS CONTROL |
| 4.3 Ensure OverRide Is Disabled for the OS Root Directory - exclude AllowOverrideList | ACCESS CONTROL |
| 4.4 Ensure OverRide Is Disabled for All Directories - AllowOverride | ACCESS CONTROL |
| 4.4 Ensure OverRide Is Disabled for All Directories - AllowOverrideList | ACCESS CONTROL |
| 5.1 Ensure Options for the OS Root Directory Are Restricted | CONFIGURATION MANAGEMENT |
| 5.2 Ensure Options for the Web Root Directory Are Restricted | CONFIGURATION MANAGEMENT |
| 5.3 Ensure Options for Other Directories Are Minimized | CONFIGURATION MANAGEMENT |
| 5.4 Ensure Default HTML Content Is Removed - 'httpd-manual is not installed' | CONFIGURATION MANAGEMENT |
| 5.4 Ensure Default HTML Content Is Removed - 'other handler does not exist' | CONFIGURATION MANAGEMENT |
| 5.4 Ensure Default HTML Content Is Removed - 'Server Information handler does not exist' | CONFIGURATION MANAGEMENT |
| 5.4 Ensure Default HTML Content Is Removed - 'Server Status handler does not exist' | CONFIGURATION MANAGEMENT |
| 5.5 Ensure the Default CGI Content printenv Script Is Removed | ACCESS CONTROL |
| 5.6 Ensure the Default CGI Content test-cgi Script Is Removed | ACCESS CONTROL |
| 5.7 Ensure HTTP Request Methods Are Restricted | SYSTEM AND INFORMATION INTEGRITY |
