| 2.2.28 (L1) Ensure 'Log on as a batch job' is set to 'Administrators' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 (L2) Ensure 'Log on as a batch job' is set to 'Administrators' (DC Only) | CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.36 (L2) Ensure 'Log on as a batch job' is set to 'Administrators' (DC Only) | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.36 (L2) Ensure 'Log on as a batch job' is set to 'Administrators' (DC Only) | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.49 Ensure 'Log on as a batch job' is set to 'Administrators' (DC Only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Domain Controller | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.5 Ensure 'cookie protection mode' is configured for forms authentication | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure the Autoindex Module Is Disabled | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.5 Ensure the Autoindex Module Is Disabled | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 2.5 Ensure the Autoindex Module Is Disabled | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.5 Ensure the Autoindex Module Is Disabled | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.3 (L1) Host must deactivate the ESXi Managed Object Browser (MOB) | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.4 Ensure that there are no unused ports on a distributed virtual port group | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 8 - Management IP - .htacess exists | TNS Best Practice Jetty 9 Linux | Unix | |
| 8 - Management IP - review $jetty_home/contexts xml file | TNS Best Practice Jetty 9 Linux | Unix | |
| 10 - Access Control - Security Realms | TNS Best Practice Jetty 9 Linux | Unix | |
| 20.24 Ensure 'Domain Controllers run on a machine dedicated to that function' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.24 Ensure 'Domain Controllers run on a machine dedicated to that function' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| DTOO219 - Access restriction settings for published calendars must be configured. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO219 - Outlook - Access restriction settings for published calendars must be configured. | DISA STIG Office 2010 Outlook v1r14 | Windows | CONFIGURATION MANAGEMENT |
| ESXI-65-000038 - The ESXi host must use the vSphere Authentication Proxy to protect passwords when adding ESXi hosts to Active Directory. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| JBOS-AS-000110 - JBoss must be configured to produce log records containing information to establish what type of events occurred. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000009 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to encrypt remote connections in accordance with the categorization of data hosted by the web server - SSLWallet | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000010 - OHS must have the SSLCipherSuite directive enabled to encrypt remote connections in accordance with the categorization of data hosted by the web server. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000211 - The version of the OHS installation must be vendor supported. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| SYMP-AG-000120 - Symantec ProxySG providing user access control intermediary services must generate audit records when successful/unsuccessful logon attempts occur - policy rules | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000130 - Symantec ProxySG providing user access control intermediary services must generate audit records showing starting and ending time for user access to the system. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000190 - Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner - Path | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| TCAT-AS-000590 - Applications in privileged mode must be approved by the ISSO. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| VCLU-80-000025 The vCenter Lookup service logs folder permissions must be set correctly. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPF-80-000025 The vCenter Perfcharts service logs folder permissions must be set correctly. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCST-80-000025 The vCenter STS service logs folder permissions must be set correctly. | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCUI-80-000025 The vCenter UI service must protect logs from unauthorized access. | DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCWN-06-000018 - All port groups must be configured to a value other than that of the native VLAN. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-65-000020 - The vCenter Server for Windows must not configure all port groups to VLAN values reserved by upstream physical switches. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-65-000031 - The vCenter Server for Windows must restrict the connectivity between Update Manager and public patch repositories by use of a separate Update Manager Download Server. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - 'global.asa' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - 'global.asax' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WA000-WI070 IIS6 - Indexing Services must only index web content. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI090 IIS6 - Directory browsing must be disabled. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6020 IIS6 - The Recycle Worker processes in minutes monitor must be set properly. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6022 IIS6 - The maximum number of requests an application pool can process must be set. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6024 IIS6 - The maximum virtual memory monitor must be enabled. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6030 IIS6 - The Limit the kernel request queue monitor must be enabled | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6032 IIS6 - The Enable pinging monitor must be enabled. - 'PingInterval set to 30 or more' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6036 IIS6 - The Enable rapid-fail time period monitor must be enabled. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG110 IIS6 - Web sites must limit the number of simultaneous requests. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WG140 IIS6 - A private web sites authentication mechanism must use client certificates. - 'AccessSSL Enabled' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG250 IIS6 - Users other than Auditors group must not have greater than read access to log files. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| WG355 W22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WG430 IIS6 - Anonymous FTP users must not have access to interactive scripts. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | |
