| APPL-15-002008 - The macOS system must disable the built-in web server. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| AS24-U1-000250 - The Apache web server must only contain services and functions necessary for operation. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000250 - The Apache web server must only contain services and functions necessary for operation. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U2-000320 - The Apache web server must have resource mappings set to disable the serving of certain file types. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AS24-U2-000540 - The Apache web server must augment re-creation to a stable and known baseline. | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U2-000540 - The Apache web server must augment re-creation to a stable and known baseline. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000250 - The Apache web server must only contain services and functions necessary for operation - conf/extra/proxy-html.conf | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000830 - The Apache web server must be tuned to handle the operational requirements of the hosted application. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W2-000540 - The Apache web server must augment re-creation to a stable and known baseline. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W2-000560 - The Apache web server must be configured to provide clustering - mod_proxy | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Disable the Built-in Web Server | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable the Built-in Web Server | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable the Built-in Web Server | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable the Built-in Web Server | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable the Built-in Web Server | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable the Built-in Web Server | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable the Built-in Web Server | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| DISA_Microsoft_Windows_Server_2019_STIG_v3r4.audit from DISA Microsoft Windows Server 2019 STIG v3r4 | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | |
| DISA_STIG_Apache_Tomcat_Application_Server_9_v3r2_Middleware.audit from DISA Apache Tomcat Application Server 9 v3r2 STIG | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | |
| DISA_STIG_EDB_PostgreSQL_Advanced_Server_v9.6_v2r3_OS_Linux.audit from DISA EDB Postgres Advanced Server v9.6 v2r3 STIG | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | |
| DISA_STIG_Oracle_HTTP_Server_12.1.3_v2r3.audit from DISA Oracle HTTP Server 12.1.3 v2r3 STIG | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | |
| DISA_STIG_Oracle_WebLogic_Server_12c_Linux_v2r2.audit from DISA Oracle WebLogic Server 12c v2r2 STIG | Oracle WebLogic Server 12c Linux v2r2 | Unix | |
| DISA_STIG_Oracle_WebLogic_Server_12c_Windows_v2r2.audit from DISA Oracle WebLogic Server 12c v2r2 STIG | Oracle WebLogic Server 12c Windows v2r2 | Windows | |
| Monterey - Disable the Built-in Web Server | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the Built-in Web Server | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the Built-in Web Server | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the Built-in Web Server | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the Built-in Web Server | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the Built-in Web Server | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| OH12-1X-000169 - OHS must have resource mappings set to disable the serving of certain file types - Deny from all | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000169 - OHS must have resource mappings set to disable the serving of certain file types - Order allow,deny | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000223 - The OHS document root directory must not be on a network share. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000349 - OHS must have the Alias /error directive defined to reference the directory accompanying the ErrorDocument directives to minimize the identity of OHS, patches, loaded modules, and directory paths in warning and error messages displayed to clients. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OH12-1X-000351 - OHS must have defined error pages for common error codes that minimize the identity of the web server, patches, loaded modules, and directory paths - ErrorDocument 400 | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OH12-1X-000351 - OHS must have defined error pages for common error codes that minimize the identity of the web server, patches, loaded modules, and directory paths - ErrorDocument 403 | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OH12-1X-000351 - OHS must have defined error pages for common error codes that minimize the identity of the web server, patches, loaded modules, and directory paths - ErrorDocument 411 | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-67-000013 - ESX Agent Manager must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCFL-67-000014 - vSphere Client must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-70-000013 - Performance Charts must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-67-000012 - vSphere UI must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
| WA000-WI6040 IIS6 - A unique non-privileged account must be used to run Worker Process Identities. - 'AppPoolIdentityType = 3 - WAMUserName' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WG290 IIS6 - The web client account access to the content and scripts directories must be limited to read and execute. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | |
| WG385 W22 - All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. - 'extra' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG385 W22 - All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. - 'printenv' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WN19-00-000420 - Windows Server 2019 FTP servers must be configured to prevent anonymous logons. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
