| 1 - Application specific logging - start.jar --module=logging | TNS Best Practice Jetty 9 Linux | Unix | |
| 2 - Remove or Disable Example Content - enable-welcome-root | TNS Best Practice JBoss 7 Linux | Unix | CONFIGURATION MANAGEMENT |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.LEVEL=INFO | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.StrErrLog | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3.4 Set a screen corner to Start Screen Saver | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
| 2.17 Ensure no login exists with the name 'sa' | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.17 Ensure no login exists with the name 'sa' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.17 Ensure no login exists with the name 'sa' | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.17 Ensure no login exists with the name 'sa' | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3 - Audit Logging - Logger | TNS Best Practice JBoss 7 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3 - Configure log file size limit - Settings | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.10 Ensure an AWS Managed Config Rule for encrypted volumes is applied to Web Tier - Encryption | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.11 Ensure an AWS Managed Config Rule for encrypted volumes is applied to App Tier - KMS ID | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.12 Ensure an AWS Managed Config Rule for EIPs attached to EC2 instances within VPC | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7 - SSL implementation - start.ini --module=http | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7 - SSL implementation - start.ini --module=https | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7 - SSL implementation - start.ini --module=ssl | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7 - SSL implementation - start.jar --module=http | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 12 - Restrict access to logs directory - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 12 - Restrict access to logs directory - owner | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 15 - Authentication | TNS Best Practice JBoss 7 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| 15 - Restrict access to web application directory - owner | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 16 - ORB Subsystem - Initializers On | TNS Best Practice JBoss 7 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 16 - Restrict access to JETTY.policy - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 17 - Restrict access to JETTY.properties - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 19 - Restrict access to logging.properties - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 20 - Enable Encryption | TNS Best Practice JBoss 7 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20 - Restrict access to server.xml - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 23 - Strong password policy must be established | TNS Best Practice Jetty 9 Linux | Unix | |
| 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/doc | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/servlet-example | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 25 - Disable Unused Connectors | TNS Best Practice Jetty 9 Linux | Unix | |
| 34 - Ensure Web content directory is on a separate partition from the system files | TNS Best Practice Jetty 9 Linux | Unix | |
| 35 - Do not allow custom header status messages | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 36 - Configure connectionTimeout | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 38 - Force SSL for all applications | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 39 - Increase the entropy in session identifiers | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000510 - The Cisco BGP switch must be configured to reject inbound route advertisements from a customer edge (CE) switch for prefixes that are not allocated to that customer. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| EX13-MB-000220 - The Exchange global outbound message size must be controlled. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000275 - The Exchange Receive connector timeout must be limited. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | ACCESS CONTROL |
| EX16-MB-000430 - The Exchange global inbound message size must be controlled. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000550 - The Exchange Receive connector timeout must be limited. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | ACCESS CONTROL |
| EX19-MB-000129 - The Exchange global inbound message size must be controlled. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000130 - The Exchange global outbound message size must be controlled. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000158 - The Exchange receive connector timeout must be limited. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | ACCESS CONTROL |
| Non-Essential modules should be disabled. 'mod_status' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| Server version information parameters should be turned off - 'ServerTokens Prod' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Timeout value parameter value should be appropriately configured | TNS IBM HTTP Server Best Practice | Unix | ACCESS CONTROL |
| WBSP-AS-000970 - The WebSphere Application Server must disable JSP class reloading. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
