| 2.1 Ensure 'Block File Types' is configured to match the enterprise blacklist | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 (L1) Ensure vSphere Authentication Proxy is used when adding hosts to Active Directory | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | ACCESS CONTROL |
| 3.9 Ensure that SharePoint application servers are protected by a reverse proxy | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | |
| 3.9 Ensure that SharePoint application servers are protected by a reverse proxy | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | |
| 3.11 Ensure 'encryption providers' are locked down | CIS IIS 7 L2 v1.8.0 | Windows | ACCESS CONTROL |
| 4.2.12 Ensure `httpPort` attribute set to `-1` | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6 Ensure 'HTTP Trace Method' is disabled - Default | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.9 Ensure 'notListedIsapisAllowed' is set to false | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 5.1.2 Ensure only approved HTTP methods are allowed | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 6.1 Ensure FTP requests are encrypted - Control Channel Default | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure FTP requests are encrypted - Data Channel Default | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure FTP requests are encrypted - Data Channel Sites | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 11.4 Ensure Only the Necessary SELinux Booleans are Enabled | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| AS24-U1-000970 - The Apache web server htpasswd files (if present) must reflect proper ownership and permissions. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
| DTOO217 - Outlook - Publishing to a Web Distributed and Authoring (DAV) server must be prevented. | DISA STIG Office 2010 Outlook v1r14 | Windows | CONFIGURATION MANAGEMENT |
| ESXI-65-000004 - Remote logging for ESXi hosts must be configured. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | ACCESS CONTROL |
| IIST-SI-000251 - The IIS 10.0 website must have a unique application pool. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000252 - The maximum number of requests an application pool can process for each IIS 10.0 website must be explicitly set. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000255 - The application pool for each IIS 10.0 website must have a recycle time explicitly set. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000259 - The application pools rapid fail protection settings for each IIS 10.0 website must be managed. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000264 - The required DoD banner page must be displayed to authenticated users accessing a DoD private website. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000251 - The IIS 8.5 website must have a unique application pool. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000252 - The maximum number of requests an application pool can process for each IIS 8.5 website must be explicitly set. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000255 - The application pool for each IIS 8.5 website must have a recycle time explicitly set. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000256 - The maximum queue length for HTTP.sys for each IIS 8.5 website must be explicitly configured. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000257 - The application pools pinging monitor for each IIS 8.5 website must be enabled. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000259 - The application pools rapid fail protection settings for each IIS 8.5 website must be managed. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000264 - The required DoD banner page must be displayed to authenticated users accessing a DoD private website. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-009999 - The version of IIS running on the system must be a supported version. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| OH12-1X-000019 - OHS must have the LoadModule log_config_module directive enabled to generate information to be used by external applications or entities to monitor and control remote access. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000021 - OHS must have a log directory location defined to generate information for use by external applications or entities to monitor and control remote access. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000022 - OHS must have the OraLogSeverity directive defined to generate adequate information to be used by external applications or entities to monitor and control remote access. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000024 - OHS must have a log format defined to generate adequate information to be used by external applications or entities to monitor and control remote access. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| SHPT-00-000007 - SharePoint must support the requirement to initiate a session lock after an organizationally defined time period of system or application inactivity has transpired. | DISA STIG SharePoint 2010 v1r9 | Windows | ACCESS CONTROL |
| SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - enable | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - Syslog IP | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000140 - Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited - Syslog IP | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000024 - ESX Agent Manager must be configured to show error pages with minimal information. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLD-67-000018 - VAMI must explicitly disable Multipurpose Internet Mail Extensions (MIME) mappings based on 'Content-Type' - Content-Type. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-70-000011 - VAMI must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| WBSP-AS-000790 - The WebSphere Application Server wsadmin file must be protected from unauthorized deletion. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | AUDIT AND ACCOUNTABILITY |
| WG145 A22 - The private web server must use an approved DoD certificate validation process. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
| WG240 IIS6 - Logs of web server access and errors must be established and maintained. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | |
| WG240 W22 - Logs of web server access and errors must be established and maintained. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - 'PCT 1.0 Client' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - 'PCT 1.0 Server' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - 'SSL 2.0 Client' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - 'SSL 2.0 Server' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 W22 - Public web servers must use TLS if authentication is required. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-DC-000130 - Windows Server 2022 domain controllers must run on a machine dedicated to that function. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
