| 1.2 Ensure the Server Is Not a Multi-Use System | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Ensure the Server Is Not a Multi-Use System | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Ensure the Server Is Not a Multi-Use System | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.17 Ensure web proxy server services are not in use | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure web proxy server services are not in use | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure web proxy server services are not in use | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure web proxy server services are not in use | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure web proxy server services are not in use | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure web proxy server services are not in use | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure web proxy server services are not in use | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure web proxy server services are not in use | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.18 Ensure web proxy server services are not in use | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.2 Ensure access to sensitive site features is restricted to authenticated principals only | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL |
| 2.2 Ensure Access to Sensitive Site Features Is Restricted To Authenticated Principals Only - Default | CIS IIS 7 L1 v1.8.0 | Windows | |
| 2.2.17 Ensure web proxy server services are not in use | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure web proxy server services are not in use | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure web proxy server services are not in use | CIS AlmaLinux OS 8 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure web proxy server services are not in use | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure web proxy server services are not in use | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure web proxy server services are not in use | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure web proxy server services are not in use | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.37.3.1 Ensure 'Open Office documents as read/write while browsing' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Ensure 'credentials' are not stored in configuration files - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.5 Ensure Double-Encoded Requests will be Rejected - Applications | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or Less | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or Less | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or Less | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000550 - The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000057 - OHS must have a log format defined for log records that allow the establishment of where within OHS the events occurred. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000059 - OHS must have a log file defined for each site/virtual host to capture logs generated that allow the establishment of where within OHS the events occurred. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000225 - Symbolic links must not be used in the web content directory tree. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| Server version information parameters should be turned off - 'ServerSignature Off' | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Server version information parameters should be turned off - 'ServerSignature Off' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Server version information parameters should be turned off - 'ServerTokens Prod' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Server version information parameters should be turned off - 'ServerTokens Prod' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Server version information parameters should be turned off - 'ServerTokens Prod' | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI100 IIS6 - The File System Object component, if not required, must be disabled. - '{0D43FE01-F093-11CF-8940-00A0C9054228} Check' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI100 IIS6 - The File System Object component, if not required, must be disabled. - 'Scripting.FileSystemObject Check' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI110 IIS6 - The command shell options must be disabled. | DISA STIG IIS 6.0 Server v6r16 | Windows | ACCESS CONTROL |
| WA000-WI6080 IIS6 - The AllowRestrictedChars registry key must be disabled. | DISA STIG IIS 6.0 Server v6r16 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WA000-WI6086 IIS6 - The MaxFieldLength registry entry must be set properly. | DISA STIG IIS 6.0 Server v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6090 IIS6 - The UrlSegmentMaxLength registry entry must be set properly. | DISA STIG IIS 6.0 Server v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6098 IIS6 - The MaxRequestEntityAllowed metabase value must be defined. - 'IisWebFileSetting' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6098 IIS6 - The MaxRequestEntityAllowed metabase value must be defined. - 'IisWebServerSetting' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA00565 W22 - HTTP request methods must be limited. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WatchGuard : NTP Servers | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | AUDIT AND ACCOUNTABILITY |
| WG210 IIS6 - Web content directories must not be anonymously shared. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG235 A22 - Web Administrators must only use encrypted connections for Document Root directory uploads. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | |
| WG235 W22 - Web Administrators must only use encrypted connections for Document Root directory uploads. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | |
| WG255 A22 - Access to the web server log files must be restricted to administrators, web administrators, and auditors. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
