| 1 - Application specific logging - start.jar --module=logging | TNS Best Practice Jetty 9 Linux | Unix | |
| 1.1 Ensure the appropriate MongoDB software version/patches are installed | CIS MongoDB 6 v1.2.0 L1 MongoDB | Unix | CONFIGURATION MANAGEMENT |
| 2 - Remove or Disable Example Content - enable-welcome-root | TNS Best Practice JBoss 7 Linux | Unix | CONFIGURATION MANAGEMENT |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.LEVEL=INFO | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.StrErrLog | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3 - Audit Logging - Logger | TNS Best Practice JBoss 7 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3 - Configure log file size limit - Settings | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure that MongoDB only listens for network connections on authorized interfaces | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2 Ensure that MongoDB only listens for network connections on authorized interfaces | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1 Ensure Encryption of Data in Transit TLS/SSL (Transport Encryption) | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Ensure TLS or SSL protects all network communications | CIS MongoDB L1 Unix Audit v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Ensure TLS or SSL protects all network communications | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.2.3 (L1) Enable Conditional Access policies to block legacy authentication | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.11 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 6 - Run your Instance as non privileged user | TNS Best Practice JBoss 7 Linux | Unix | ACCESS CONTROL |
| 7 - SSL implementation - start.ini --module=http | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7 - SSL implementation - start.ini --module=https | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databases | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 11 - JSP Regeneration | TNS Best Practice JBoss 7 Linux | Unix | CONFIGURATION MANAGEMENT |
| 12 - Restrict access to logs directory - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 12 - Restrict access to logs directory - owner | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 14 - Restrict access to binaries directory - owner | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 14 - SSL Encryption - Modify WSDL Address | TNS Best Practice JBoss 7 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 15 - Authentication | TNS Best Practice JBoss 7 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| 15 - Restrict access to web application directory - owner | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 16 - ORB Subsystem - Initializers On | TNS Best Practice JBoss 7 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 16 - Restrict access to JETTY.policy - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 17 - Restrict access to JETTY.properties - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 19 - Restrict access to logging.properties - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 19 - Restrict access to logging.properties - owner | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 20 - Enable Encryption | TNS Best Practice JBoss 7 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20 - Restrict access to server.xml - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 20 - Restrict access to server.xml - owner | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 23 - Strong password policy must be established | TNS Best Practice Jetty 9 Linux | Unix | |
| 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/doc | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/examples | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/ROOT/admin | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/servlet-example | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 25 - Disable Unused Connectors | TNS Best Practice Jetty 9 Linux | Unix | |
| 27 - Ensure SSLEnabled is set to True for Sensitive Connectors - SSLEnabled | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 27 - Ensure SSLEnabled is set to True for Sensitive Connectors - SSLEngine | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 34 - Ensure Web content directory is on a separate partition from the system files | TNS Best Practice Jetty 9 Linux | Unix | |
| 35 - Do not allow custom header status messages | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 36 - Configure connectionTimeout | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 38 - Force SSL for all applications | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 39 - Increase the entropy in session identifiers | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD7X-00-007300 MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030211 - The Oracle Linux operating system must label all off-loaded audit logs before sending them to the central log server. | DISA Oracle Linux 7 STIG v3r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030211 - The Red Hat Enterprise Linux operating system must label all off-loaded audit logs before sending them to the central log server. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
