| 1 - Application specific logging - ${jetty.base}/start.ini --module=logging | TNS Best Practice Jetty 9 Linux | Unix | |
| 1 - Remove or Disable Example Content - ExampleDS | TNS Best Practice JBoss 7 Linux | Unix | CONFIGURATION MANAGEMENT |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.websocket.LEVEL=DEBUG | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3 - Audit Logging - Handler | TNS Best Practice JBoss 7 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Ensure images are scanned and rebuilt to include security patches | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5 - Granular Log Levels | TNS Best Practice JBoss 7 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 7 - File system permissions of log files | TNS Best Practice JBoss 7 Linux | Unix | CONFIGURATION MANAGEMENT |
| 9 - Deployment Scanner | TNS Best Practice JBoss 7 Linux | Unix | CONFIGURATION MANAGEMENT |
| 9.1.4.1 Ensure That Microsoft Defender for Containers Is Set To 'On' | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | RISK ASSESSMENT |
| 9.6 Ensure root PATH Integrity - writeable dir in path | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 12 - Remove and mask informational headers - JSP Configuration | TNS Best Practice JBoss 7 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 13 - Restrict access to temp directory - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 14 - Restrict access to binaries directory - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 15 - Restrict access to web application directory - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 17 - Restrict access to JETTY.properties - owner | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 17 - Setup a security domain | TNS Best Practice JBoss 7 Linux | Unix | CONFIGURATION MANAGEMENT |
| 18 - Role Based Authentication per queue | TNS Best Practice JBoss 7 Linux | Unix | ACCESS CONTROL |
| 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/balancer | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/webdav | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 29 - Ensure secure is set to true only for SSL-enabled Connectors | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 31 - Starting with Security Manager | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 32 - Disabling auto deployment of applications | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 33 - Disable deploy on startup of applications | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 40 - Do not allow symbolic linking | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 42 - Do not allow cross context requests | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 43 - Do not resolve hosts on logging valves - SERVER_XML | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| Adtran : Disable SSLv2 | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| Adtran : Enable NTP | TNS Adtran AOS Best Practice Audit | Adtran | |
| Adtran : Enable service password-encryption | TNS Adtran AOS Best Practice Audit | Adtran | IDENTIFICATION AND AUTHENTICATION |
| Adtran : Encrypt enable password | TNS Adtran AOS Best Practice Audit | Adtran | IDENTIFICATION AND AUTHENTICATION |
| Adtran : Ensure DHCP is Disabled unless needed | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| Adtran : Ensure the log level is set at an appropriate setting | TNS Adtran AOS Best Practice Audit | Adtran | AUDIT AND ACCOUNTABILITY |
| Adtran : Set 'login' Banner | TNS Adtran AOS Best Practice Audit | Adtran | ACCESS CONTROL |
| Adtran : SNMP 'PUBLIC' community string not used | TNS Adtran AOS Best Practice Audit | Adtran | IDENTIFICATION AND AUTHENTICATION |
| Adtran : Web Session Timeout <= 900 secs | TNS Adtran AOS Best Practice Audit | Adtran | ACCESS CONTROL |
| CD12-00-011800 - PostgreSQL must map the PKI-authenticated identity to an associated user account. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure that the 'local-infile' database flag for a Cloud Databases Mysql instance is set to '0' | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'max_allowed_packet' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'max_connections' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'max_user_connections' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'sql_mode' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'wait_timeout' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| EPAS-00-004600 - The EDB Postgres Advanced Server must enforce authorized access to all PKI private keys stored/used by the EDB Postgres Advanced Server. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| EPAS-00-006100 - Access to database files must be limited to relevant processes and to authorized, administrative users. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-002600 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized read access. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Review the list of Database Backups | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONTINGENCY PLANNING |
| WN16-DC-000290 - Domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority (ECA). | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-DC-000290 - Windows Server 2019 domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority (ECA). | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
