AS24-U2-000020 - The Apache web server must perform server-side session management.
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided.
AS24-U2-000090 - The Apache web server must produce log records containing sufficient information to establish what type of events occurred.
AS24-U2-000350 - Users and scripts running on behalf of users must be contained to the document root or home directory tree of the Apache web server.
AS24-U2-000380 - The Apache web server must perform RFC 5280-compliant certification path validation.
AS24-U2-000390 - Only authenticated system administrators or the designated PKI Sponsor for the Apache web server must have access to the Apache web servers private key.
AS24-U2-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application.
AS24-U2-000660 - The Apache web server must set an inactive timeout for sessions.
AS24-U2-000890 - Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to force the encryption of cookies.
Removed
AS24-U2-000020 - The Apache web server must perform server-side session management
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided
AS24-U2-000090 - The Apache web server must produce log records containing sufficient information to establish what type of events occurred
AS24-U2-000350 - Users and scripts running on behalf of users must be contained to the document root or home directory tree of the Apache web server
AS24-U2-000380 - The Apache web server must perform RFC 5280-compliant certification path validation
AS24-U2-000390 - Only authenticated system administrators or the designated PKI Sponsor for the Apache web server must have access to the Apache web servers private key
AS24-U2-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application
AS24-U2-000660 - The Apache web server must set an inactive timeout for sessions
AS24-U2-000890 - Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to force the encryption of cookies
