| 1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - HTTPS | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443 | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Ensure the Log Config Module Is Enabled | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.8 Ensure a web server is not installed | CIS Amazon Linux 2023 Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.9 Ensure HTTP server is not installed | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.2.9 Ensure HTTP server is not installed | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.9 Ensure HTTP server is not installed | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.9 Ensure HTTP server is not installed | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.10 Ensure a web server is not installed | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.10 Ensure a web server is not installed | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.10 Ensure HTTP server is not enabled | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.10 Ensure HTTP server is not enabled | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.11 Ensure HTTP server is not installed | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.11 Ensure HTTP server is not installed | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1 Ensure 'deployment method retail' is set | CIS IIS 8.0 v1.5.1 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 3.10 Ensure global .NET trust level is configured - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.10 Ensure global .NET trust level is configured - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| AS24-U1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AS24-U1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AS24-U1-000930 - The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AS24-U1-000930 - The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AS24-U2-000630 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AS24-W1-000180 - The Apache web server log files must only be accessible by privileged users. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AS24-W1-000700 - An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point - ProxyPass | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000930 - The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AS24-W2-000610 - The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AS24-W2-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DISA_Microsoft_Exchange_2019_Edge_Server_STIG_v2r2.audit from DISA Microsoft Exchange 2019 Edge Server v2r2 STIG | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | |
| DISA_STIG_Microsoft_Exchange_2013_Mailbox_Server_v2r3.audit from DISA Microsoft Exchange 2013 Mailbox Server v2r3 STIG | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DISA_STIG_Microsoft_Exchange_2016_Mailbox_Server_v2r6.audit from DISA Microsoft Exchange 2016 Mailbox Server v2r6 STIG | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IIST-SI-000221 - Anonymous IIS 10.0 website access accounts must be restricted. | DISA IIS 10.0 Site v2r11 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000258 - The application pools rapid fail protection for each IIS 10.0 website must be enabled. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| Limit HTTP methods allowed by the Web Server. | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| OH12-1X-000074 - OHS log files must only be accessible by privileged users - permissions | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000218 - OHS content and configuration files must be part of a routine backup program. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000226 - OHS administration must be performed over a secure path or at the local console. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000352 - OHS must have production information removed from error documents to minimize the identity of OHS, patches, loaded modules, and directory paths in warning and error messages displayed to clients. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| SP13-00-000005 - SharePoint must support the requirement to initiate a session lock after 15 minutes of system or application inactivity has transpired. | DISA STIG SharePoint 2013 v2r4 | Windows | ACCESS CONTROL |
| VCFL-67-000018 - vSphere Client must ensure appropriate permissions are set on the keystore. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCLD-70-000020 - VAMI must disable directory browsing. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPF-67-000021 - Performance Charts must set the welcome-file node to a default web page. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WA140 A22 - Web server content and configuration files must be part of a routine backup program. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
| WA140 A22 - Web server content and configuration files must be part of a routine backup program. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA140 IIS6 - Web server content and configuration files must be part of a routine backup program. | DISA STIG IIS 6.0 Server v6r16 | Windows | |
| WA140 W22 - Web server content and configuration files must be part of a routine backup program. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WatchGuard : WINS Servers | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | CONFIGURATION MANAGEMENT |
| WG205 IIS6 - The web document (home) directory must be on a separate partition from the web servers system files. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG255 W22 - Access to the web server log files must be restricted to Administrators, the user assigned to run the web server software, Web Manager, and Auditors. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| WG345 A22 - The web server must remove all export ciphers from the cipher suite. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
