| 4.8 Ensure Handler is not granted Write and Script/Execute | CIS IIS 8.0 v1.5.1 Level 1 | Windows | ACCESS CONTROL |
| 7.1 Ensure mod_ssl and/or mod_nss Is Installed | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000680 - The Apache web server must be configured to immediately disconnect or disable remote access to the hosted applications. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | ACCESS CONTROL |
| AS24-U1-000680 - The Apache web server must be configured to immediately disconnect or disable remote access to the hosted applications. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | ACCESS CONTROL |
| AS24-W1-000590 - The Apache web server must restrict the ability of users to launch denial-of-service (DoS) attacks against other information systems or networks. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000095 - The ESXi host must implement Secure Boot enforcement. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - WebSiteSSLEnabled | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| JBOS-AS-000245 - Welcome Web Application must be disabled - Welcome Web Application must be disabled. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000034 - OHS must provide the capability to immediately disconnect or disable remote access to the hosted applications. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000047 - OHS must have a log file defined for each site/virtual host to capture logs generated by system startup and shutdown, system access, and system authentication events. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000161 - OHS must have the LoadModule cgi_module directive disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000162 - OHS must have the LoadModule cgid_module directive disabled - mpm_worker_module | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000162 - OHS must have the LoadModule cgid_module directive disabled - proxy_balancer_module | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000163 - OHS must have the IfModule cgid_module directive disabled for the OHS server, virtual host, and directory configuration. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000164 - OHS must have the LoadModule cgi_module directive disabled within the IfModule mpm_winnt_module directive - cgi_module | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000164 - OHS must have the LoadModule cgi_module directive disabled within the IfModule mpm_winnt_module directive - mpm_winnt_module | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000165 - OHS must have the ScriptAlias /cgi-bin/ directive within a IfModule alias_module directive disabled - alias_module | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000165 - OHS must have the ScriptAlias /cgi-bin/ directive within a IfModule alias_module directive disabled - ScriptAlias /cgi-bin/ | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000166 - OHS must have the ScriptSock directive within a IfModule cgid_module directive disabled - cgid_module | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000166 - OHS must have the ScriptSock directive within a IfModule cgid_module directive disabled - ScriptSock | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000167 - OHS must have the cgi-bin directory disabled - httpd.conf | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000167 - OHS must have the cgi-bin directory disabled - ssl.conf | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000168 - OHS must have directives pertaining to certain scripting languages removed from virtual hosts. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000219 - OHS must be segregated from other services - OHS must be segregated from other services. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000284 - OHS must have the KeepAlive directive properly set to restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000286 - OHS must have the MaxKeepAliveRequests directive properly set to restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000288 - OHS must have the LimitRequestBody directive set to restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000289 - OHS must have the LimitRequestFields directive set to restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000310 - OHS must have the SSLEngine, SSLProtocol, SSLWallet directives enabled and configured to prevent unauthorized disclosure of information during transmission - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - AAA - LDAP server is trusted | TNS SonicWALL v5.9 | SonicWALL | CONFIGURATION MANAGEMENT |
| VCLD-67-000019 - VAMI must remove all mappings to unused scripts - cgi | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-67-000019 - VAMI must remove all mappings to unused scripts - erb | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-67-000019 - VAMI must remove all mappings to unused scripts - pl | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-67-000019 - VAMI must remove all mappings to unused scripts - py | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-67-000019 - VAMI must remove all mappings to unused scripts - rb | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-67-000032 - VAMI configuration files must be protected from unauthorized access - etc | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-70-000013 - VAMI must remove all mappings to unused scripts. - cgi | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-70-000013 - VAMI must remove all mappings to unused scripts. - py | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-70-000017 - VAMI must protect the keystore from unauthorized access - MIME that invoke OS shell programs disabled. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCLD-80-000040 The vCenter VAMI service must restrict access to the web server's private key. | DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WA000-WWA052 A22 - The '-FollowSymLinks' setting must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WA000-WWA052 W22 - The FollowSymLinks setting must be disabled. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA155 IIS6 - Classified web servers must be afforded physical security commensurate with the classification of its content. | DISA STIG IIS 6.0 Server v6r16 | Windows | |
| WA155 W22 - Classified web servers will be afforded physical security commensurate with the classification of its content. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WG080 IIS6 - A compiler must not be installed on a production web server. - 'Lcc-win32.exe search' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG204 A22 - A web server must be segregated from other services. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
| WG204 A22 - A web server must be segregated from other services. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WG330 W22 - A public web server must limit e-mail to outbound only. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG385 W22 - All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. - 'test-cgi' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG520 A22 - Web server and/or operating system information must be protected. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
