Detections
Analytics

Item Search

NameAudit NamePluginCategory
DG0003-ORACLE11 - The latest security patches should be installed.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0020-ORACLE11 - Backup and recovery procedures should be developed, documented, implemented and periodically tested.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0021-ORACLE11 - A baseline of database application software should be documented and maintained.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0042-ORACLE11 - Use of the DBMS software installation account should be restricted to DBMS software installation, upgrade and maintenance actions.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0069-ORACLE11 - Procedures and restrictions for import of production data to development databases should be documented, implemented and followed.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0083-ORACLE11 - Automated notification of suspicious activity detected in the audit trail should be implemented.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0120-ORACLE11 - Unauthorized access to external database objects should be removed from application user roles.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0175-ORACLE11 - The DBMS host platform and other dependent applications should be configured in compliance with applicable STIG requirements.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
WA070 A22 - A private web server must be located on a separate controlled access subnet.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA070 A22 - A private web server must be located on a separate controlled access subnet.DISA STIG Apache Server 2.2 Unix v1r11Unix
WA070 IIS6 - A private web server must be located on a separate controlled access subnet.DISA STIG IIS 6.0 Server v6r16Windows
WA070 W22 - A private web server must be located on a separate controlled access subnet.DISA STIG Apache Server 2.2 Windows v1r13Windows
WA230 A22 - The Web site software used with the web server must have all applicable security patches applied and documented.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA230 IIS6 - The site software used with the web server must have all applicable security patches applied and documented.DISA STIG IIS 6.0 Server v6r16Windows
WA00500 A22 - Active software modules must be minimized.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA00520 A22 - The web server must not be configured as a proxy server.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA00535 A22 - The score board file must be properly secured.DISA STIG Apache Server 2.2 Unix v1r11Unix
WA00555 A22 - The web server must be configured to listen on a specific IP address and port - [::ffff:0.0.0.0]:80DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA00560 A22 - The URL-path name must be set to the file path name or the directory path name.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA00565 A22 - HTTP request methods must be limited - LimitExceptDISA STIG Apache Server 2.2 Unix v1r11Unix
WA00565 A22 - HTTP request methods must be limited - OrderDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG040 A22 - Public web server resources must not be shared with private assets.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG050 A22 - The web server password(s) must be entrusted to the SA or Web Manager.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG050 IIS6 - The web server service password(s) must be entrusted to the SA or Web Manager.DISA STIG IIS 6.0 Server v6r16Windows
WG050 W22 - The web server service password(s) must be entrusted to the SA or Web Manager.DISA STIG Apache Server 2.2 Windows v1r13Windows
WG080 A22 - Installation of a compiler on production web server is prohibited.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG145 A22 - The private web server must use an approved DoD certificate validation process.DISA STIG Apache Server 2.2 Unix v1r11Unix
WG145 IIS6 - The private web server must use an approved DoD certificate validation process. - 'Check W3SVC/WEBSITES CertCheckMode'DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG204 A22 - A web server must be segregated from other services.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG204 W22 - A web server installation must be segregated from other services.DISA STIG Apache Server 2.2 Windows v1r13Windows
WG220 A22 - Web administration tools must be restricted to the web manager and the web manager's designees - ResourceConfigDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG250 A22 - Log file access must be restricted to System Administrators, Web Administrators or Auditors.DISA STIG Apache Site 2.2 Unix v1r11Unix
WG260 A22 - Only web sites that have been fully reviewed and tested must exist on a production web server.DISA STIG Apache Site 2.2 Unix v1r11Unix
WG260 A22 - Only web sites that have been fully reviewed and tested must exist on a production web server.DISA STIG Apache Site 2.2 Unix v1r11 MiddlewareUnix
WG260 IIS6 - Only fully reviewed and tested web sites must exist on a production web server.DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG260 W22 - Only web sites that have been fully reviewed and tested must exist on a production web server.DISA STIG Apache Site 2.2 Windows v1r13Windows
WG275 W22 - The web server, although started by superuser or privileged account, must run using a non-privileged account.DISA STIG Apache Server 2.2 Windows v1r13Windows
WG280 - The access control files are owned by a privileged web server account - .htaccess existDISA STIG Apache Server 2.2 Windows v1r13Windows
WG280 - The access control files are owned by a privileged web server account - HTACCESS_DIRDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG330 A22 - A public web server must limit email to outbound only - sendmailDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG330 IIS6 - A public web server must limit e-mail to outbound only.DISA STIG IIS 6.0 Server v6r16Windows
WG350 A22 - A private web server will have a valid DoD server certificate.DISA STIG Apache Site 2.2 Unix v1r11Unix
WG350 IIS6 - A private web server must have a valid server certificate.DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG355 A22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA.DISA STIG Apache Server 2.2 Unix v1r11Unix
WG355 A22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG355 IIS6 - A private web site must utilize certificates from a trusted DoD CA.DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG430 A22 - Anonymous FTP user access to interactive scripts is prohibited.DISA STIG Apache Site 2.2 Unix v1r11Unix
WG440 IIS6 - Monitoring software must include CGI type files or equivalent programs.DISA STIG IIS 6.0 Server v6r16Windows
WG460 W22 - PERL scripts must use the TAINT option.DISA STIG Apache Site 2.2 Windows v1r13Windows
WG470 W22 - Wscript.exe and Cscript.exe must only be accessible by the SA and/or the web administrator. - 'Cscript.exe'DISA STIG Apache Server 2.2 Windows v1r13Windows