| 1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2 Ensure the Server Is Not a Multi-Use System | CONFIGURATION MANAGEMENT |
| 1.3 Ensure Apache Is Installed From the Appropriate Binaries | CONFIGURATION MANAGEMENT |
| 2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled | CONFIGURATION MANAGEMENT |
| 2.2 Ensure the Log Config Module Is Enabled | AUDIT AND ACCOUNTABILITY |
| 2.3 Ensure the WebDAV Modules Are Disabled | CONFIGURATION MANAGEMENT |
| 2.4 Ensure the Status Module Is Disabled | CONFIGURATION MANAGEMENT |
| 2.5 Ensure the Autoindex Module Is Disabled | CONFIGURATION MANAGEMENT |
| 2.6 Ensure the Proxy Modules Are Disabled if not in use | CONFIGURATION MANAGEMENT |
| 2.7 Ensure the User Directories Module Is Disabled | CONFIGURATION MANAGEMENT |
| 2.8 Ensure the Info Module Is Disabled | CONFIGURATION MANAGEMENT |
| 2.9 Ensure the Basic and Digest Authentication Modules are Disabled | CONFIGURATION MANAGEMENT |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure the Apache User Account Has an Invalid Shell | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure the Apache User Account Is Locked | ACCESS CONTROL |
| 3.4 Ensure Apache Directories and Files Are Owned By Root | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.5 Ensure the Group Is Set Correctly on Apache Directories and Files | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure Other Write Access on Apache Directories and Files Is Restricted | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7 Ensure the Core Dump Directory Is Secured | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure the Lock File Is Secured | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure the Pid File Is Secured | ACCESS CONTROL, MEDIA PROTECTION |
| 3.10 Ensure the ScoreBoard File Is Secured | ACCESS CONTROL, MEDIA PROTECTION |
| 3.11 Ensure Group Write Access for the Apache Directories and Files Is Properly Restricted | ACCESS CONTROL, MEDIA PROTECTION |
| 3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted | ACCESS CONTROL, MEDIA PROTECTION |
| 3.13 Ensure Access to Special Purpose Application Writable Directories is Properly Restricted | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1 Ensure Access to OS Root Directory Is Denied By Default | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2 Ensure Appropriate Access to Web Content Is Allowed | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3 Ensure OverRide Is Disabled for the OS Root Directory | ACCESS CONTROL, MEDIA PROTECTION |
| 4.4 Ensure OverRide Is Disabled for All Directories | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1 Ensure Options for the OS Root Directory Are Restricted | ACCESS CONTROL |
| 5.4 Ensure Default HTML Content Is Removed | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.8 Ensure the HTTP TRACE Method Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.9 Ensure Old HTTP Protocol Versions Are Disallowed | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.10 Ensure Access to .ht* Files Is Restricted | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.11 Ensure Access to .git Files Is Restricted | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.12 Ensure Access to .svn Files Is Restricted | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly | AUDIT AND ACCOUNTABILITY |
| 6.3 Ensure the Server Access Log Is Configured Correctly | AUDIT AND ACCOUNTABILITY |
| 6.4 Ensure Log Storage and Rotation Is Configured Correctly | AUDIT AND ACCOUNTABILITY |
| 6.5 Ensure Applicable Patches Are Applied | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 7.1 Ensure mod_ssl and/or mod_nss Is Installed | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure a Valid Trusted Certificate Is Installed | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure the Server's Private Key Is Protected | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 7.4 Ensure the TLSv1.0 and TLSv1.1 Protocols are Disabled | CONFIGURATION MANAGEMENT |
| 7.5 Ensure Weak SSL/TLS Ciphers Are Disabled | CONFIGURATION MANAGEMENT |
| 7.6 Ensure Insecure SSL Renegotiation Is Not Enabled | CONFIGURATION MANAGEMENT |
| 7.7 Ensure SSL Compression is not Enabled | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.8 Ensure Medium Strength SSL/TLS Ciphers Are Disabled | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.9 Ensure All Web Content is Accessed via HTTPS | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly' | ACCESS CONTROL, MEDIA PROTECTION |
