| 2.1.18 Ensure web server services are not in use | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.18 Ensure web server services are not in use | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.18 Ensure web server services are not in use | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.18 Ensure web server services are not in use | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.18 Ensure web server services are not in use | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.19 Ensure web server services are not in use | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.19 Ensure web server services are not in use | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.2.11 Disable Apache services - Make sure that /etc/apache/httpd.conf does not exist. Note this check is only applicable for Apache 1.x | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.11 Disable Apache services - Make sure that network/http:apache2 is disabled. | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.2.18 Ensure web server services are not in use | CIS Red Hat EL8 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.18 Ensure web server services are not in use | CIS AlmaLinux OS 8 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.2 Ensure a trusted certificate and trust chain is installed | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.2 Ensure a trusted certificate and trust chain is installed | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.7 Ensure Unlisted File Extensions are not allowed | CIS IIS 8.0 v1.5.1 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| AIX7-00-002057 - AIX audit logs must be rotated daily. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000330 - The Apache web server must have Web Distributed Authoring (WebDAV) disabled. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AS24-U2-000640 - Debugging and trace information used to diagnose the Apache web server must be disabled. | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AS24-W1-000360 - The Apache web server must be configured to use a specified IP address and port - IP or Port Only | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000360 - The Apache web server must be configured to use a specified IP address and port - IP or Port Only | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000370 - The Apache web server must encrypt passwords during transmission. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| AS24-W1-000370 - The Apache web server must encrypt passwords during transmission. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| AS24-W1-000480 - The Apache web server must accept only system-generated session identifiers. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000480 - The Apache web server must accept only system-generated session identifiers. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000094 - The ESXi host must require TPM-based configuration encryption. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| IIST-SV-000131 - IIS 10.0 Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA IIS 10.0 Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000131 - IIS 8.5 Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000156 - OHS must disable the directive pointing to the directory containing the OHS manuals. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000157 - OHS must have the AliasMatch directive disabled for the OHS manuals. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000241 - OHS must use FIPS modules to encrypt passwords during transmission. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000242 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to encrypt passwords during transmission - SSLProtocol | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000242 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to encrypt passwords during transmission - SSLWallet | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000243 - OHS must have the SSLCipherSuite directive enabled to encrypt passwords during transmission. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCLD-70-000015 - VAMI must not have the Web Distributed Authoring (WebDAV) servlet installed. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-70-000022 - VAMI must have debug logging disabled. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLU-80-000136 The vCenter Lookup service debug parameter must be disabled. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-80-000136 The vCenter Perfcharts service debug parameter must be disabled. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - '.cmd mappings' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - 'Internet Data Connector Disallowed' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - 'Server Side Includes Disallowed' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA120 A22 - Administrative users and groups that have access rights to the web server must be documented. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
| WA120 A22 - Administrative users and groups that have access rights to the web server must be documented. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA120 IIS6 - Administrative users and groups with access privilege to the web server must be documented. | DISA STIG IIS 6.0 Server v6r16 | Windows | |
| WBSP-AS-001580 - The WebSphere Application Server memory session settings must be defined according to application load requirements. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001630 - The WebSphere Application Server plugin must be configured to use HTTPS only - WCInboundDefault | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG200 A22 - Administrators must be the only users allowed access to the directory tree, the shell, or other operating system functions and utilities. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WG200 A22 - Administrators must be the only users allowed access to the directory tree, the shell, or other operating system functions and utilities. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | ACCESS CONTROL |
| WG205 W22 - The web document (home) directory must be in a separate partition from the web server's system files. - 'ErrorLog' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | AUDIT AND ACCOUNTABILITY |
| WG385 IIS6 - All web server documentation, sample code, example applications, and tutorials must be removed. - 'Inetpub\Iissamples' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
