| 1.1.4.1.3 Ensure 'Consistent Mime Handling' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.76 (L2) Ensure 'Control where security restrictions on insecure origins apply' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure Managed Object Browser (MOB) is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | ACCESS CONTROL, MEDIA PROTECTION |
| 11.1 Ensure SELinux Is Enabled in Enforcing Mode | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 11.4 Ensure Only the Necessary SELinux Booleans Are Enabled | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 11.4 Ensure Only the Necessary SELinux Booleans Are Enabled | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - tftp-server | Juniper Hardening JunOS 12 Devices Checklist | Juniper | CONFIGURATION MANAGEMENT |
| AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - SSLRandomSeed connect | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - SSLRandomSeed connect | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - SSLRandomSeed startup | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - SSLRandomSeed startup | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Directory access permissions should be restricted. | TNS IBM HTTP Server Best Practice | Windows | ACCESS CONTROL |
| DTBI515-IE11 - Websites in less privileged web content zones must be prevented from navigating into the Internet zone. | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTOO177 - Office System - Access to updates, add-ins, and patches on Office.com must be disabled. | DISA STIG Office System 2010 v1r13 | Windows | CONFIGURATION MANAGEMENT |
| EX13-CA-000150 - Exchange OWA must use https - Internal | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| JBOS-AS-000015 - HTTPS must be enabled for JBoss web interfaces. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
| JBOS-AS-000470 - Network access to HTTP management must be disabled on domain-enabled application servers not designated as the domain controller. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
| OH12-1X-000194 - OHS must be set to evaluate deny directives first when considering whether to serve a file. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000195 - OHS must deny all access by default when considering whether to serve a file. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000221 - A private OHS list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000281 - OHS must have the DocumentRoot directive set to a separate partition from the OHS system files. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000282 - OHS must have the Directory directive accompanying the DocumentRoot directive set to a separate partition from the OHS system files. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SHPT-00-000127 - The 'Automatically delete the site collection if use is not confirmed' property must not be enabled for web applications. | DISA STIG SharePoint 2010 v1r9 | Windows | CONFIGURATION MANAGEMENT |
| SHPT-00-000130 - For environments requiring an Internet-facing capability, the SharePoint application server upon which Central Administration is installed must not be installed in the DMZ. | DISA STIG SharePoint 2010 v1r9 | Windows | ACCESS CONTROL |
| SP13-00-000155 - For environments requiring an Internet-facing capability, the SharePoint application server upon which Central Administration is installed, must not be installed in the DMZ. | DISA STIG SharePoint 2013 v2r4 | Windows | ACCESS CONTROL |
| SYMP-AG-000120 - Symantec ProxySG providing user access control intermediary services must generate audit records when successful/unsuccessful logon attempts occur - enabled | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000120 - Symantec ProxySG providing user access control intermediary services must generate audit records when successful/unsuccessful logon attempts occur - policy rules | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000190 - Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner - Path | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| SYMP-NM-000190 - Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner - Username | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| SYMP-NM-000190 - Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| Timeout value parameter value should be appropriately configured | TNS IBM HTTP Server Best Practice | Unix | ACCESS CONTROL |
| Timeout value parameter value should be appropriately configured | TNS IBM HTTP Server Best Practice Middleware | Unix | ACCESS CONTROL |
| Timeout value parameter value should be appropriately configured | TNS IBM HTTP Server Best Practice | Windows | ACCESS CONTROL |
| VCLD-67-000020 - VAMI must have resource mappings set to disable the serving of certain file types. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-80-000033 The vCenter VAMI service must have resource mappings set to disable the serving of certain file types. | DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCWN-06-000012 - The system must disable the distributed virtual switch health check. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000018 - All port groups must be configured to a value other than that of the native VLAN. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000020 - All port groups must not be configured to VLAN values reserved by upstream physical switches. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-65-000012 - The vCenter Server for Windows must disable the distributed virtual switch health check. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-65-000013 - The vCenter Server for Windows must set the distributed port group Forged Transmits policy to reject. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-65-000015 - The vCenter Server for Windows must set the distributed port group Promiscuous Mode policy to reject. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-67-000009 - Unauthorized CD/DVD devices must be disconnected on the virtual machine. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - '.asa' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - '.asax' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - '.inc' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WA00540 A22 - The web server must be configured to explicitly deny access to the OS root - Deny | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WA00540 A22 - The web server must be configured to explicitly deny access to the OS root - Deny | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA00540 A22 - The web server must be configured to explicitly deny access to the OS root - Order | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WA00540 A22 - The web server must be configured to explicitly deny access to the OS root - Order | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WG355 W22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
