| 1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - HTTPS | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443 | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4 Ensure 'application pool identity' is configured for all application pools | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.4 Ensure 'application pool identity' is configured for all application pools | CIS IIS 8.0 v1.5.1 Level 1 | Windows | ACCESS CONTROL |
| 2.1 Ensure 'global authorization rule' is set to restrict access | CIS IIS 7 L1 v1.8.0 | Windows | ACCESS CONTROL |
| 2.1 Ensure 'global authorization rule' is set to restrict access | CIS IIS 8.0 v1.5.1 Level 1 | Windows | ACCESS CONTROL |
| 2.2.28 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' - LOCAL SERVICE, NETWORK SERVICE | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 2.2.28 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' - LOCAL SERVICE, NETWORK SERVICE | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 4.2 Ensure 'maxURL request filter' is configured | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 5.38 (L1) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.38 Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.41 (L1) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 5.41 (L1) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 5.42 (L1) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.43 (L1) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 6.1 Ensure FTP requests are encrypted | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure FTP requests are encrypted - Control Channel Default | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure FTP requests are encrypted - Control Channel Sites | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure FTP requests are encrypted - Data Channel Sites | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 81.43 (L1) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| DISA_IIS_6.0_Web_Server_v6r16.audit from DISA Microsoft IIS 6.0 Server v6r16 STIG | DISA STIG IIS 6.0 Server v6r16 | Windows | |
| DISA_STIG_Apache_Site-2.4_Unix_v2r6_Middleware.audit from DISA Apache Server 2.4 UNIX Site v2r6 STIG | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | |
| Ensure HTTP server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| EX13-CA-000155 - Exchange OWA must have S/MIME Certificates enabled. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000283 - Exchange must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events. | DISA IIS 10.0 Server v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000110 - The IIS 10.0 web server must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 10.0 web server events. | DISA IIS 10.0 Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000111 - The IIS 10.0 web server must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event. | DISA IIS 10.0 Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000134 - The IIS 10.0 web server must use cookies to track session state. | DISA IIS 10.0 Server v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000135 - The IIS 10.0 web server must accept only system-generated session identifiers. | DISA IIS 10.0 Server v3r3 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000149 - The Internet Printing Protocol (IPP) must be disabled on the IIS 10.0 web server | DISA IIS 10.0 Server v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000149 - The Internet Printing Protocol (IPP) must be disabled on the IIS 10.0 web server. | DISA IIS 10.0 Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000158 - Unspecified file extensions on a production IIS 10.0 web server must be removed. | DISA IIS 10.0 Server v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000158 - Unspecified file extensions on a production IIS 10.0 web server must be removed. | DISA IIS 10.0 Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000159 - The IIS 10.0 web server must have a global authorization rule configured to restrict access. | DISA IIS 10.0 Server v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SV-000102 - The enhanced logging for the IIS 8.5 web server must be enabled and capture all user and web server events. | DISA IIS 8.5 Server v2r7 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000110 - The IIS 8.5 web server must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 8.5 web server events. | DISA IIS 8.5 Server v2r7 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000111 - The IIS 8.5 web server must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event. | DISA IIS 8.5 Server v2r7 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000135 - The IIS 8.5 web server must limit the amount of time a cookie persists. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000158 - Unspecified file extensions on a production IIS 8.5 web server must be removed. | DISA IIS 8.5 Server v2r7 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SV-000159 - The IIS 8.5 web server must have a global authorization rule configured to restrict access. | DISA IIS 8.5 Server v2r7 | Windows | CONFIGURATION MANAGEMENT |
| SHPT-00-000127 - The 'Automatically delete the site collection if use is not confirmed' property must not be enabled for web applications. | DISA STIG SharePoint 2010 v1r9 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI080 IIS6 - The IIS Internet Printing Protocol must be disabled. | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6040 IIS6 - A unique non-privileged account must be used to run Worker Process Identities. - 'AppPoolIdentityType Check' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WG220 IIS6 - Access to web administration tools must be restricted to the Web Manager and the Web Manager's designees. | DISA STIG IIS 6.0 Server v6r16 | Windows | |
| WG280 - The access control files are owned by a privileged web server account - .htaccess exist | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WG280 - The access control files are owned by a privileged web server account - APP_Config_files | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WG280 - The access control files are owned by a privileged web server account - HTACCESS_DIR | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WG280 - The access control files are owned by a privileged web server account - HTACCESS_DIR | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
| WG280 - The access control files are owned by a privileged web server account - HTTPD_CONFIG_DIRECTORY/httpd.conf | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
