| 2.1.17 Ensure web proxy server services are not in use | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure web proxy server services are not in use | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure web proxy server services are not in use | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure web proxy server services are not in use | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure web proxy server services are not in use | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure web proxy server services are not in use | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure web proxy server services are not in use | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.18 Ensure web proxy server services are not in use | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure web proxy server services are not in use | CIS Oracle Linux 8 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure web proxy server services are not in use | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure web proxy server services are not in use | CIS Red Hat EL8 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure web proxy server services are not in use | CIS Oracle Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure web proxy server services are not in use | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure web proxy server services are not in use | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure web proxy server services are not in use | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure web proxy server services are not in use | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3 Ensure 'forms authentication' require SSL - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Ensure 'forms authentication' require SSL - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Ensure 'credentials' are not stored in configuration files | CIS IIS 8.0 v1.5.1 Level 2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.4 Ensure non-ASCII characters in URLs are not allowed | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 10.1 Ensure Web content directory is on a separate partition from the Tomcat system files (verify Web content directory) | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.2 Ensure the LimitRequestFields Directive is Set to 100 or Less | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 10.2 Ensure the LimitRequestFields Directive is Set to 100 or Less | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000550 - The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000020 - The Apache web server must perform server-side session management - session_module | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |
| AS24-W1-000020 - The Apache web server must perform server-side session management - session_module | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | ACCESS CONTROL |
| AS24-W1-000020 - The Apache web server must perform server-side session management - usertrack_module | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |
| AS24-W1-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - Javascript setCookie | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - Javascript setCookie | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000550 - The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000550 - The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W2-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - Javascript setCookie | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DISA_STIG_Microsoft_Windows_2012_Server_DNS_v2r7.audit from DISA Microsoft Windows 2012 Server Domain Name System v2r7 STIG | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | |
| File permissions in the root document should only be accessible by administrator | TNS IBM HTTP Server Best Practice | Windows | |
| File permissions in the root document should only be accessible by administrator | TNS IBM HTTP Server Best Practice Middleware | Unix | |
| File permissions in the root document should only be accessible by administrator | TNS IBM HTTP Server Best Practice | Unix | |
| OH12-1X-000058 - OHS must have a SSL log format defined for log records that allow the establishment of where within OHS the events occurred. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000059 - OHS must have a log file defined for each site/virtual host to capture logs generated that allow the establishment of where within OHS the events occurred. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| Server version information parameters should be turned off - 'ServerTokens Prod' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Server version information parameters should be turned off - 'ServerTokens Prod' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-67-000030 - ESX Agent Manager must disable the shutdown port. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000033 - VAMI must be protected from being stopped by a non-privileged user. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-70-000023 - VAMI must be protected from being stopped by a nonprivileged user. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLU-70-000030 - Lookup Service must disable the shutdown port. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-67-000029 - The Security Token Service must disable the shutdown port. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-70-000029 - The Security Token Service must disable the shutdown port. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCWN-65-006000 - The vCenter Server for Windows must disable SNMPv1. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| WA000-WI6098 IIS6 - The MaxRequestEntityAllowed metabase value must be defined. - 'IisWebDirectorySetting' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG330 A22 - A public web server must limit email to outbound only - netstat | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WG330 A22 - A public web server must limit email to outbound only - netstat | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
