| 2.1.2 Ensure HTTP WebDAV module is not installed | CIS NGINX Benchmark v2.1.0 L2 Webserver | Unix | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure HTTP WebDAV module is not installed | CIS NGINX Benchmark v2.1.0 L2 Proxy | Unix | CONFIGURATION MANAGEMENT |
| 2.2.10 Ensure a web server is not installed | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.10 Ensure a web server is not installed | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Default | CIS IIS 7 L2 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.18 Only enable Web server if absolutely necessary - Ensure file /etc/rc3.d/S50apache does NOT exist. | CIS Solaris 9 v1.3 | Unix | CONFIGURATION MANAGEMENT |
| 6.3 Ensure that SharePoint user sessions are terminated upon user logoff and when the idle time limit is exceeded | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | ACCESS CONTROL |
| AS24-U1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000180 - The Apache web server log files must only be accessible by privileged users. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000180 - The Apache web server log files must only be accessible by privileged users. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U2-000630 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths. | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AS24-W1-000180 - The Apache web server log files must only be accessible by privileged users. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AS24-W1-000700 - An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point - mod_proxy | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000700 - An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point - mod_proxy | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000700 - An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point - ProxyPass | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000930 - The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AS24-W2-000580 - The Apache web server document directory must be in a separate partition from the Apache web servers system files. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DISA_Microsoft_Exchange_2019_Mailbox_Server_STIG_v2r2.audit from DISA Microsoft Exchange 2019 Mailbox Server v2r2 STIG | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | |
| DISA_STIG_Apache_Site-2.4_Unix_v2r6_Middleware.audit from DISA Apache Server 2.4 UNIX Site v2r6 STIG | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | |
| DISA_SUSE_Linux_Enterprise_Server_15_STIG_v2r4.audit from DISA SUSE Linux Enterprise Server 15 STIG v2r4 | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | |
| DTBI015-IE11 - The Internet Explorer warning about certificate address mismatch must be enforced. | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| Limit HTTP methods allowed by the Web Server. | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| Limit HTTP methods allowed by the Web Server. | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000074 - OHS log files must only be accessible by privileged users - user/group | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000075 - The log information from OHS must be protected from unauthorized modification - permissions | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000075 - The log information from OHS must be protected from unauthorized modification - user/group | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000131 - OHS must have the LoadModule authz_user_module directive disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000135 - OHS must have the LoadModule proxy_http_module directive disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000287 - OHS must have the ListenBacklog properly set to restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000307 - OHS must be tuned to handle the operational requirements of the hosted application. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-67-000015 - ESX Agent Manager must be configured with memory leak protection. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000017 - ESX Agent Manager directory tree must have permissions in an 'out-of-the box' state - out-of-the box state. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-70-000017 - ESX Agent Manager directory tree must have permissions in an out-of-the-box state - out-of-the box state. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000029 - VAMI must disable directory browsing. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLD-80-000062 The vCenter VAMI service must disable directory listing. | DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCRP-67-000007 - The rhttpproxy private key file must be protected from unauthorized access. | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCRP-70-000005 - The Envoy private key file must be protected from unauthorized access. | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCST-67-000017 - The Security Token Service directory tree must have permissions in an 'out-of-the-box' state - out-of-the-box state. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-70-000017 - The Security Token Service directory tree must have permissions in an out-of-the-box state. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000016 - vSphere UI directory tree must have permissions in an 'out-of-the-box' state - out-of-the-box state. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-70-000017 - The vSphere UI directory tree must have permissions in an out-of-the-box state. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - 'Allowed Web Service Extensions' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA070 A22 - A private web server must be located on a separate controlled access subnet. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WG040 A22 - Public web server resources must not be shared with private assets. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WG210 A22 - Web content directories must not be anonymously shared. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WG210 A22 - Web content directories must not be anonymously shared. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | ACCESS CONTROL |
| WG242 A22 - Log file data must contain required data elements. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | AUDIT AND ACCOUNTABILITY |
| WG242 A22 - Log file data must contain required data elements. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
