| 1.1 Remove extraneous files and directories - CATALINA_CONF/conf/Catalina/localhost/host-manager.xml | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/balancer | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/docs | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/ROOT/admin | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories (WEBAPP_DIR/balancer) | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories (WEBAPP_DIR/ROOT/admin) | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories (WEBAPP_DIR/servlet-example) | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories (WEBAPP_DIR/tomcat-docs) | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Disable Unused Connectors | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6 Turn off TRACE | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.1 Set a nondeterministic Shutdown command value | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.1 Restrict access to $CATALINA_HOME | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.4 Restrict access to Tomcat logs directory | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.4 Restrict access to Tomcat logs directory | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.6 Restrict access to Tomcat binaries directory | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.9 Restrict access to Tomcat catalina.policy | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.11 Restrict access to Tomcat logging.properties | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.11 Restrict access to Tomcat logging.properties | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.12 Restrict access to Tomcat server.xml | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1 Setup Client-cert Authentication | CIS Apache Tomcat 11 v1.0.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.3 Ensure scheme is set accurately | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Ensure scheme is set accurately | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.3 Ensure scheme is set accurately | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.4 Ensure secure is set to true only for SSL-enabled Connectors | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.4 Ensure secure is set to true only for SSL-enabled Connectors | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler exists in web application) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler exists inin default) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if org.apache.juli.FileHandler exists in web application) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists inin default | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.3 Ensure className is set correctly in context.xml | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.3 Ensure className is set correctly in context.xml | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.4 Ensure directory in context.xml is a secure location | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.4 Ensure directory in context.xml is a secure location - configuration | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.5 Ensure pattern in context.xml is correct | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.6 Ensure directory in logging.properties is a secure location (check application log directory is secure) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | |
| 7.7 Configure log file size limit (verify java.util.logging.FileHandler.limit is smaller than disk partition) | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 9.1 Disabling auto deployment of applications | CIS Apache Tomcat 11 v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 10.2 Restrict access to the web administration application | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL |
| 10.2 Restrict access to the web administration application | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 10.3 Restrict manager application | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | ACCESS CONTROL |
| 10.4 Force SSL when accessing the manager application via HTTP | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.7 Turn off session facade recycling | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 10.9 Do not allow custom header status messages | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.10 Configure maxHttpHeaderSize | CIS Apache Tomcat 11 v1.0.0 L2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.11 Force SSL for all applications | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.13 Do not run applications as privileged | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL |
| 10.14 Do not allow cross context requests | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000570 - Exchange must render hyperlinks from email sources from non-.mil domains as unclickable. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
