| 1 - Application specific logging - ${jetty.base}/start.ini --module=logging | TNS Best Practice Jetty 9 Linux | Unix | |
| 1 - Remove or Disable Example Content - ExampleDS | TNS Best Practice JBoss 7 Linux | Unix | CONFIGURATION MANAGEMENT |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.websocket.LEVEL=DEBUG | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3 - Audit Logging - Handler | TNS Best Practice JBoss 7 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 5 - Granular Log Levels | TNS Best Practice JBoss 7 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 6 - Encryption | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7 - File system permissions of log files | TNS Best Practice JBoss 7 Linux | Unix | CONFIGURATION MANAGEMENT |
| 7 - SSL implementation - start.ini --module=deploy | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9 - Deployment Scanner | TNS Best Practice JBoss 7 Linux | Unix | CONFIGURATION MANAGEMENT |
| 12 - Remove and mask informational headers - JSP Configuration | TNS Best Practice JBoss 7 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 13 - Restrict access to temp directory - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 14 - Restrict access to binaries directory - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 15 - Restrict access to web application directory - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 17 - Restrict access to JETTY.properties - owner | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 17 - Setup a security domain | TNS Best Practice JBoss 7 Linux | Unix | CONFIGURATION MANAGEMENT |
| 18 - Role Based Authentication per queue | TNS Best Practice JBoss 7 Linux | Unix | ACCESS CONTROL |
| 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/balancer | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/webdav | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 29 - Ensure secure is set to true only for SSL-enabled Connectors | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 31 - Starting with Security Manager | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 32 - Disabling auto deployment of applications | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 33 - Disable deploy on startup of applications | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 40 - Do not allow symbolic linking | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 42 - Do not allow cross context requests | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 43 - Do not resolve hosts on logging valves - SERVER_XML | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 44 - Use Lockout Realms | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| Adtran : Disable SSLv2 | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| Adtran : Enable NTP | TNS Adtran AOS Best Practice Audit | Adtran | |
| Adtran : Enable service password-encryption | TNS Adtran AOS Best Practice Audit | Adtran | IDENTIFICATION AND AUTHENTICATION |
| Adtran : Encrypt enable password | TNS Adtran AOS Best Practice Audit | Adtran | IDENTIFICATION AND AUTHENTICATION |
| Adtran : Ensure DHCP is Disabled unless needed | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| Adtran : Ensure the log level is set at an appropriate setting | TNS Adtran AOS Best Practice Audit | Adtran | AUDIT AND ACCOUNTABILITY |
| Adtran : Set 'login' Banner | TNS Adtran AOS Best Practice Audit | Adtran | ACCESS CONTROL |
| Adtran : SNMP 'PUBLIC' community string not used | TNS Adtran AOS Best Practice Audit | Adtran | IDENTIFICATION AND AUTHENTICATION |
| Adtran : Web Session Timeout <= 900 secs | TNS Adtran AOS Best Practice Audit | Adtran | ACCESS CONTROL |
| F5BI-AS-000163 - To protect against data mining, The BIG-IP ASM module must be configured to detect code injection attacks from being launched against data storage objects, including, at a minimum, databases, database records, queries, and fields when providing content filtering to virtual servers. | DISA F5 BIG-IP Application Security Manager STIG v2r2 | F5 | ACCESS CONTROL |
| GEN006560 - The system vulnerability assessment tool, host-based intrusion detection tool, and file integrity tool must notify SA and IAO. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| JUEX-L2-000020 - The Juniper EX switch must be configured to uniquely identify all network-connected endpoint devices before establishing any connection. | DISA Juniper EX Series Layer 2 Switch v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUSX-IP-000025 - The IDPS must send an alert to, at a minimum, the ISSO and ISSM when DoS incidents are detected. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| PANW-AG-000111 - The Palo Alto Networks security platform must be configured to integrate with a system-wide intrusion detection system. | DISA STIG Palo Alto ALG v3r4 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| PANW-IP-000024 - The Palo Alto Networks security platform must install updates for application software files, signature definitions, detection heuristics, and vendor-provided rules when new releases are available in accordance with organizational configuration management policy and procedures. | DISA STIG Palo Alto IDPS v3r2 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-651035 - RHEL 9 must be configured so that the file integrity tool verifies extended attributes. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SYMP-AG-000230 - Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server - From | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000230 - Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server - Server | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| The hosts.deny file blocks access by default | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| XAPI SSL certificate is in default location | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| XenServer - List bonded NIC groups | TNS Citrix XenServer | Unix | CONFIGURATION MANAGEMENT |
| XenServer - List VLANs | TNS Citrix XenServer | Unix | CONFIGURATION MANAGEMENT |
| XenServer - NTP client configured | TNS Citrix XenServer | Unix | AUDIT AND ACCOUNTABILITY |
| XenServer - The hosts.allow file limits access to the local network | TNS Citrix XenServer | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
