| 4.2 Ensure HTTP Server Is Disabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure HTTP Server Is Disabled | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure HTTP Server Is Disabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.4 Ensure Default HTML Content Is Removed - 'httpd-manual is not installed' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4 Ensure Default HTML Content Is Removed - 'httpd-manual is not installed' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4 Ensure Default HTML Content Is Removed - 'other handler does not exist' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4 Ensure Default HTML Content Is Removed - 'other handler does not exist' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4 Ensure Default HTML Content Is Removed - 'other handler does not exist' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 5.4 Ensure Default HTML Content Is Removed - 'Server Information handler does not exist' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.5 Ensure the Default CGI Content printenv Script Is Removed | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 11.2 Ensure Apache Processes Run in the httpd_t Confined Context | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| AS24-U1-000010 - The Apache web server must limit the number of allowed simultaneous session requests | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | ACCESS CONTROL |
| AS24-U1-000010 - The Apache web server must limit the number of allowed simultaneous session requests. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | ACCESS CONTROL |
| AS24-U1-000230 - Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Apache web server. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000780 - The Apache web server must prohibit or restrict the use of nonsecure or unnecessary ports, protocols, modules, and/or services. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000780 - The Apache web server must prohibit or restrict the use of nonsecure or unnecessary ports, protocols, modules, and/or services. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| AS24-U2-000300 - The Apache web server must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AS24-W1-000500 - The Apache web server must generate unique session identifiers that cannot be reliably reproduced. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000730 - The Apache web server must be configurable to integrate with an organizations security infrastructure. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| DTOO165 - Beaconing of UI forms with ActiveX controls must be enforced. | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Management Access Policy - HTTPS - Allow Credentials | Tenable Cisco ACI | Cisco_ACI | CONFIGURATION MANAGEMENT |
| OH12-1X-000001 - OHS must have the mpm property set to use the worker Multi-Processing Module (MPM) as the preferred means to limit the number of allowed simultaneous requests. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000002 - OHS must have the mpm_prefork_module directive disabled so as not conflict with the worker directive used to limit the number of allowed simultaneous requests. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000003 - OHS must have the MaxClients directive defined to limit the number of allowed simultaneous requests. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000005 - OHS must limit the number of worker processes to limit the number of allowed simultaneous requests. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000160 - OHS must have the AddHandler directive disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000215 - All utility programs, not necessary for operations, must be removed or disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000001 - ESX Agent Manager must limit the amount of time that each TCP connection is kept alive. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | ACCESS CONTROL |
| VCFL-67-000024 - vSphere Client must be configured to show error pages with minimal information. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLD-70-000003 - VAMI must use cryptography to protect the integrity of remote sessions. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-70-000027 - VAMI must be configured to hide the server type and version in client responses - DoS attacks. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLD-80-000098 The vCenter VAMI service must be configured to hide the server type and version in client responses. | DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-70-000023 - Lookup Service must be configured to hide the server version. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPF-67-000001 - Performance Charts must limit the amount of time that each TCP connection is kept alive. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | ACCESS CONTROL |
| VCPF-70-000001 - Performance Charts must limit the amount of time that each Transport Control Protocol (TCP) connection is kept alive. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | ACCESS CONTROL |
| VCST-67-000001 - The Security Token Service must limit the amount of time that each TCP connection is kept alive. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | ACCESS CONTROL |
| VCST-70-000001 - The Security Token Service must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | ACCESS CONTROL |
| VCST-70-000024 - The Security Token Service must be configured to not show error reports. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-67-000023 - vSphere UI must be configured to show error pages with minimal information. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-70-000001 - vSphere UI must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | ACCESS CONTROL |
| VCUI-70-000023 - The vSphere UI must not show directory listings. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-70-000025 - vSphere UI must be configured to show error pages with minimal information. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-80-000125 The vCenter UI service must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive. | DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | Unix | ACCESS CONTROL |
| WA000-WWA050 W22 - All interactive programs must be placed in a designated directory with appropriate permissions. - 'AddHandler' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG410 IIS6 - Interactive scripts must have proper access controls. - 'ASP Default Language set to VBScript' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG410 IIS6 - Interactive scripts must have proper access controls. - 'Enable Parent Paths set to False' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG410 IIS6 - Interactive scripts must have proper access controls. - 'Virtual Directories - Enable Parent Paths set to False' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
