| 1.1 Remove extraneous files and directories - @APP_Config_catalogs@/webapps/examples | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - /webapps/host-manager | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - /webapps/manager | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - /webapps/ROOT | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 2.6 Turn off TRACE | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 2.10 Disable Apache Service | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 3.1 Set a nondeterministic Shutdown command value | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 4.3 Restrict access to Tomcat configuration directory | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.4 Restrict access to Tomcat logs directory | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.11 Restrict access to Tomcat logging.properties | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.13 Restrict access to Tomcat tomcat-users.xml | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1 Use secure Realms | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 6.2 Ensure SSLEnabled is set to True for Sensitive Connectors - verify SSLEnabled is set to true | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.4 Ensure secure is set to true only for SSL-enabled Connectors - verify secure is set to true | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Application specific logging | CIS Apache Tomcat 8 L2 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.1 Application specific logging | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.1 Application specific logging | CIS Apache Tomcat 11 v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.1 Application specific logging | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.3 Ensure className is set correctly in context.xml | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.4 Ensure directory in context.xml is a secure location - permissions | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.6 Ensure directory in logging.properties is a secure location - check prefix application name | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 8.1 Restrict runtime access to sensitive packages | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 9.3 Disable deploy on startup of applications | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.16 Enable memory leak listener | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - web.xml | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 11.2 Ensure Apache Processes Run in the httpd_t Confined Context | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| AS24-U1-000270 - The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials - Welcome page | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000270 - The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000900 - The Apache web server must remove all export ciphers to protect the confidentiality and integrity of transmitted information. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000500 - The Apache web server must generate unique session identifiers that cannot be reliably reproduced. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DISA_Microsoft_Windows_10_STIG_v3r4.audit from DISA Microsoft Windows 10 STIG v3r4 | DISA Microsoft Windows 10 STIG v3r4 | Windows | |
| DISA_Oracle_Database_19c_STIG_v1r1.audit from DISA Oracle Database 19c STIG v1r1 | DISA Oracle Database 19c STIG v1r1 Unix | Unix | |
| DISA_Oracle_Database_19c_STIG_v1r1.audit from DISA Oracle Database 19c STIG v1r1 | DISA Oracle Database 19c STIG v1r1 Windows | Windows | |
| DISA_STIG_Cisco_ASA_FW_v2r1.audit from DISA Cisco ASA Firewall v2r1 STIG | DISA STIG Cisco ASA FW v2r1 | Cisco | |
| DISA_STIG_Cisco_ASA_NDM_v2r2.audit from DISA Cisco ASA NDM v2r2 STIG | DISA STIG Cisco ASA NDM v2r2 | Cisco | |
| DISA_STIG_Cisco_ASA_VPN_v2r2.audit from DISA Cisco ASA VPN v2r2 STIG | DISA STIG Cisco ASA VPN v2r2 | Cisco | |
| DISA_STIG_IBM_DB2_v10.5_LUW_v2r1_OS_Linux.audit from DISA IBM DB2 V10.5 LUW v2r1 STIG | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux | Unix | |
| DISA_STIG_Microsoft_Access_2013_v1r7.audit from DISA Microsoft Access 2013 v1r7 STIG | DISA STIG Microsoft Access 2013 v1r7 | Windows | |
| DISA_STIG_Microsoft_Defender_Antivirus_v2r4.audit from DISA Microsoft Defender Antivirus v2r4 STIG | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | |
| DISA_STIG_Microsoft_Excel_2016_v2r1.audit from DISA Microsoft Excel 2016 v2r1 STIG | DISA STIG Microsoft Excel 2016 v2r1 | Windows | |
| DISA_STIG_Microsoft_Lync_2013_v1r5.audit from DISA Microsoft Lync 2013 v1r5 STIG | DISA STIG Microsoft Lync 2013 v1r5 | Windows | |
| DISA_STIG_Microsoft_OneNote_2013_v1r4.audit from DISA Microsoft OneNote 2013 v1r4 STIG | DISA STIG Microsoft OneNote 2013 v1r4 | Windows | |
| DISA_STIG_Microsoft_Outlook_2016_v2r3.audit from DISA Microsoft Outlook 2016 v2r3 STIG | DISA STIG Microsoft Outlook 2016 v2r3 | Windows | |
| DISA_STIG_Microsoft_Project_2013_v1r5.audit from DISA Microsoft Project 2013 v1r5 STIG | DISA STIG Microsoft Project 2013 v1r5 | Windows | |
| DISA_STIG_Microsoft_Word_2010_v1r12.audit from DISA Microsoft Word 2010 v1r12 STIG | DISA STIG Office 2010 Word v1r12 | Windows | |
| DISA_STIG_Oracle_Linux_5_v2r1.audit from DISA Oracle Linux 5 v2r1 STIG | DISA STIG for Oracle Linux 5 v2r1 | Unix | |
| DISA_STIG_Oracle_Linux_7_v3r2.audit from DISA Oracle Linux 7 v3r2 STIG | DISA Oracle Linux 7 STIG v3r2 | Unix | |
| DISA_STIG_SharePoint_2013_v2r4.audit from DISA Microsoft SharePoint 2013 v2r4 STIG | DISA STIG SharePoint 2013 v2r4 | Windows | |
| DISA_STIG_Solaris_10_x86_v2r4.audit from DISA Solaris 10 X86 v2r4 STIG | DISA STIG Solaris 10 X86 v2r4 | Unix | |
| DISA_STIG_Solaris_11_SPARC_v3r1.audit from DISA Solaris 11 SPARC v3r1 STIG | DISA STIG Solaris 11 SPARC v3r1 | Unix | |
