| Buffer overflow protection should be configured 'LimitRequestBody' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Buffer overflow protection should be configured 'LimitRequestFields' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Buffer overflow protection should be configured 'LimitRequestFieldsize' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Buffer overflow protection should be configured 'LimitRequestline' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND INFORMATION INTEGRITY |
| CGI-BIN directory should be disabled. 'Directory' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| CGI-BIN directory should be disabled. 'LoadModule cgi_module' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| CGI-BIN directory should be disabled. 'LoadModule env_module' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| File permissions in the root document should only be accessible by administrator | TNS IBM HTTP Server Best Practice | Unix | |
| Fortigate - Alert Emails - 'admin address' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| Fortigate - AV License - Not Expired | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT |
| Fortigate - Disable auto USB installation - 'config' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT |
| Fortigate - Does not use self-signed certificate - 'admin' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - Does not use self-signed certificate - 'user' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - External Logging - 'fortianalyzer2' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - External Logging - 'syslog3' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Fortianalyzer3 Logs - severity 'information' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - full-first-warning-threshold <= 75% | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - HTTPS/SSH admin access strong ciphers | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| Fortigate - Inactivity timeout - 'global' <= 5 | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| Fortigate - NTP server configuration - *.ntp.org | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Password Expiry date <= 30 days | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - SNMP v3 uses AES instead of DES | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| HTTP TRACE method should be disabled. 'RewriteLog' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteLogLevel' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteRule' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteRule' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| Huawei: Disable SNMP write access | TNS Huawei VRP Best Practice Audit | Huawei | ACCESS CONTROL |
| Huawei: Enable AAA authentication | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| Huawei: Require SSH version 2 | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Keep Alive setting parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Logging Directives should be restricted to authorized users. - 'ErrorLog logs/error_log' | TNS IBM HTTP Server Best Practice | Unix | AUDIT AND ACCOUNTABILITY |
| Non-Essential modules should be disabled. 'mod_dav' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_dav' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_include' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_info' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_status' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Compute - user/group ownership of config files set to root/nova - /etc/nova/policy.json | TNS OpenStack Nova/Compute Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Horizon - SESSION_COOKIE_HTTPONLY parameter set to True | TNS OpenStack Dashboard/Horizon Security Guide | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OpenStack Horizon - SESSION_COOKIE_SECURE parameter set to True | TNS OpenStack Dashboard/Horizon Security Guide | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OpenStack Identity - Identity uses strong hashing algorithms for PKI tokens | TNS OpenStack Keystone/Identity Security Guide | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OpenStack Identity - SSL enabled | TNS OpenStack Keystone/Identity Security Guide | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OpenStack Identity - strict permissions set for Identity configuration files - /etc/keystone/ssl/private/signing_key.pem | TNS OpenStack Keystone/Identity Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Identity - user/group ownership of config files set to keystone - /etc/keystone/keystone-paste.ini | TNS OpenStack Keystone/Identity Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Identity - user/group ownership of config files set to keystone - /etc/keystone/ssl/private/signing_key.pem | TNS OpenStack Keystone/Identity Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Networking - keystone used for authentication | TNS OpenStack Neutron/Networking Security Guide | Unix | IDENTIFICATION AND AUTHENTICATION |
| OpenStack Networking - secure protocol used for authentication | TNS OpenStack Neutron/Networking Security Guide | Unix | |
| OpenStack Networking - SSL enabled on Neutron API server | TNS OpenStack Neutron/Networking Security Guide | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS Token Endpoint URL' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| SalesForce.com : Setting Session Security - 'Review Active Users' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Server version information parameters should be turned off - 'ServerSignature Off' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
