| 1.6 Support Web Access Security - b) ssl-context field | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.29 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (DC only) - Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE (DC only) | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.6 Turn off TRACE | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2 Ensure 'debug' is turned off - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure OverRide Is Disabled for the OS Root Directory | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 4.3 Ensure OverRide Is Disabled for the OS Root Directory | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 4.3 Ensure OverRide Is Disabled for the OS Root Directory | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 4.4 Ensure OverRide Is Disabled for All Directories | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 4.4 Ensure OverRide Is Disabled for All Directories | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 4.4 Ensure OverRide Is Disabled for All Directories | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 4.10 Ensure 'notListedCgisAllowed' is set to false | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 6.1 Ensure FTP requests are encrypted - Control Channel Sites | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure FTP Logon attempt restrictions is enabled - Deny By Failure Enabled | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure the Server's Private Key Is Protected | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 7.3 Ensure the Server's Private Key Is Protected | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| HTTP vs. HTTPS - idle-timeout | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
| Keep Alive setting parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Keep Alive setting parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Windows | ACCESS CONTROL |
| Keep Alive setting parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000020 - OHS must have the OraLogMode set to Oracle Diagnostic Logging text mode to generate information to be used by external applications or entities to monitor and control remote access. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000023 - OHS must have the log rotation parameter set to allow generated information to be used by external applications or entities to monitor and control remote access. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000025 - OHS must have a SSL log format defined to allow generated information to be used by external applications or entities to monitor and control remote access in accordance with the categorization of data hosted by the web server. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000026 - OHS must have a log file defined for each site/virtual host to capture information to be used by external applications or entities to monitor and control remote access. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| SYMP-NM-000140 - Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited - Syslog Enabled | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| VCLD-67-000017 - VAMI must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-70-000012 - VAMI must explicitly disable Multipurpose Internet Mail Extensions (MIME) mime mappings based on 'Content-Type'. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-80-000031 The vCenter VAMI service must explicitly disable Multipurpose Internet Mail Extensions (MIME) mime mappings based on "Content-Type". | DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCWN-65-000023 - The vCenter Server for Windows must configure the vpxuser auto-password to be changed every 30 days. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - -+IncludesNOEXEC|-Includes | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - -+IncludesNOEXEC|-Includes | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - +Includes | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - None | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
| WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - None | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - Options None | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - Options None | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
| WA000-WWA054 W22 - Server side includes (SSIs) must run with execution capability disabled. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG340 W22 - A private web server must utilize an approved TLS version. - 'SSLEngine' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 A22 - Public web servers must use TLS if authentication is required. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 A22 - Public web servers must use TLS if authentication is required. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - '128-Bit Encryption Enabled' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - 'SSL 3.0 Client' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - 'SSL 3.0 Server' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - 'SSL Enabled' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - 'TLS 1.0 Client' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - 'TLS 1.0 Server' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG410 IIS6 - Interactive scripts must have proper access controls. - 'CGI Directory Permissions' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | |
| WN16-DC-000130 - Domain controllers must run on a machine dedicated to that function. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN19-DC-000130 - Windows Server 2019 domain controllers must run on a machine dedicated to that function. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
