1.2 Ensure the Server Is Not a Multi-Use System | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
2.1.2 Ensure HTTP WebDAV module is not installed | CIS NGINX Benchmark v2.1.0 L2 Loadbalancer | Unix | CONFIGURATION MANAGEMENT |
2.1.2 Ensure HTTP WebDAV module is not installed | CIS NGINX Benchmark v2.1.0 L2 Proxy | Unix | CONFIGURATION MANAGEMENT |
3.1 Ensure 'deployment method retail' is set | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
3.6 Ensure 'httpcookie' mode is configured for session state | CIS IIS 8.0 v1.5.1 Level 2 | Windows | CONFIGURATION MANAGEMENT |
3.6 Ensure 'httpcookie' mode is configured for session state - Applications | CIS IIS 7 L2 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
3.6 Ensure 'httpcookie' mode is configured for session state - Default | CIS IIS 7 L2 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
4.7 Ensure Unlisted File Extensions are not allowed - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
4.7 Ensure Unlisted File Extensions are not allowed - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
5.3 Ensure 'ETW Logging' is enabled - Default ETW | CIS IIS 8.0 v1.5.1 Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
5.3 Ensure 'ETW Logging' is enabled - Default W3C | CIS IIS 8.0 v1.5.1 Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
5.3 Ensure 'ETW Logging' is enabled - Sites logFormat W3C with ETW target | CIS IIS 8.0 v1.5.1 Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
5.14 Ensure Browser Framing Is Restricted | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
5.14 Ensure Browser Framing Is Restricted | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
6.3 Ensure that SharePoint user sessions are terminated upon user logoff and when the idle time limit is exceeded | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | ACCESS CONTROL |
AS24-U1-000240 - The Apache web server must not perform user management for hosted applications. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
AS24-U1-000240 - The Apache web server must not perform user management for hosted applications. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
AS24-U1-000300 - The Apache web server must have resource mappings set to disable the serving of certain file types. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
AS24-U1-000310 - The Apache web server must allow the mappings to unused and vulnerable scripts to be removed. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
AS24-U1-000310 - The Apache web server must allow the mappings to unused and vulnerable scripts to be removed. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
AS24-U1-000590 - The Apache web server must be tuned to handle the operational requirements of the hosted application. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U1-000590 - The Apache web server must be tuned to handle the operational requirements of the hosted application. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U1-000960 - The Apache web server software must be a vendor-supported version. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
AS24-U2-000310 - The Apache web server must allow mappings to unused and vulnerable scripts to be removed. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | CONFIGURATION MANAGEMENT |
AS24-U2-000310 - The Apache web server must allow mappings to unused and vulnerable scripts to be removed. | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | CONFIGURATION MANAGEMENT |
AS24-U2-000590 - The Apache web server must be tuned to handle the operational requirements of the hosted application. | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U2-000590 - The Apache web server must be tuned to handle the operational requirements of the hosted application. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-W1-000300 - The Apache web server must have resource mappings set to disable the serving of certain file types. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
AS24-W1-000310 - The Apache web server must allow the mappings to unused and vulnerable scripts to be removed. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
AS24-W1-000310 - The Apache web server must allow the mappings to unused and vulnerable scripts to be removed. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
AS24-W1-000580 - The Apache web server document directory must be in a separate partition from the Apache web servers system files. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-W1-000960 - The Apache web server software must be a vendor-supported version. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
AS24-W1-000960 - The Apache web server software must be a vendor-supported version. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
AS24-W2-000300 - The Apache web server must have resource mappings set to disable the serving of certain file types. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | CONFIGURATION MANAGEMENT |
AS24-W2-000310 - The Apache web server must allow the mappings to unused and vulnerable scripts to be removed. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | CONFIGURATION MANAGEMENT |
AS24-W2-000580 - The Apache web server document directory must be in a separate partition from the Apache web servers system files. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-W2-000830 - The Apache web server must be tuned to handle the operational requirements of the hosted application. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
DISA_STIG_Server_2012_and_2012_R2_MS_v3r7.audit from DISA Microsoft Windows Server 2012/2012 R2 Member Server v3r7 STIG | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | |
VCEM-67-000015 - ESX Agent Manager must be configured with memory leak protection. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
VCFL-67-000019 - vSphere Client directory tree must have permissions in an 'out-of-the-box' state - out-of-the-box state. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
VCLU-70-000017 - Lookup Service directory tree must have permissions in an out-of-the-box state - out-of-the box state. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
VCPF-67-000012 - Performance Charts must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
VCPF-67-000016 - Performance Charts directory tree must have permissions in an 'out-of-the box' state - out-of-the box state. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
VCPF-70-000017 - Performance Charts directory tree must have permissions in an out-of-the-box state. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
WA000-WI6084 IIS6 - The FavorUTF8 registry key must be set properly. | DISA STIG IIS 6.0 Server v6r16 | Windows | SYSTEM AND INFORMATION INTEGRITY |
WG040 A22 - Public web server resources must not be shared with private assets. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
WG242 A22 - Log file data must contain required data elements. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | AUDIT AND ACCOUNTABILITY |
WG242 W22 - Log file data must contain required data elements. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | AUDIT AND ACCOUNTABILITY |
WG330 IIS6 - A public web server must limit e-mail to outbound only. | DISA STIG IIS 6.0 Server v6r16 | Windows | |
WG490 IIS6 - Java software installed on the web server must be limited to class files and the JAVA virtual machine. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |