| 2.6 Turn off TRACE | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.8 Restrict access to Tomcat catalina.properties | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.9 Restrict access to Tomcat catalina.policy | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.13 Restrict access to Tomcat tomcat-users.xml | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.14 Restrict access to Tomcat web.xml | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2 Use LockOut Realms | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.3 Ensure className is set correctly in context.xml | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.5 Ensure pattern in context.xml is correct | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.6 Ensure directory in logging.properties is a secure location - check log directory location | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 9.2 Disabling auto deployment of applications | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.3 Disable deploy on startup of applications | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.4 Force SSL when accessing the manager application via HTTP | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.8 Do not allow additional path delimiters - ALLOW_BACKSLASH | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.11 Force SSL for all applications | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.17 Setting Security Lifecycle Listener - check for umask present in startup | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions - reqtimeout_module | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | ACCESS CONTROL |
| AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | ACCESS CONTROL |
| AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | ACCESS CONTROL |
| AS24-U1-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | ACCESS CONTROL |
| AS24-U1-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | ACCESS CONTROL |
| AS24-U2-000640 - Debugging and trace information used to diagnose the Apache web server must be disabled. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AS24-U2-000640 - Debugging and trace information used to diagnose the Apache web server must be disabled. | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AS24-U2-000700 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | ACCESS CONTROL |
| AS24-U2-000700 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account. | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | ACCESS CONTROL |
| AS24-W1-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |
| CIS_Apache_Tomcat_8_L1_v1.1.0_Middleware.audit from CIS Apache Tomcat 8 Benchmark | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | |
| CIS_Apache_Tomcat_10_L1_v1.1.0_Middleware.audit from CIS Apache Tomcat 10 Benchmark | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | |
| DISA_Oracle_11g_Installation_v9r1_OS_Linux.audit from DISA Oracle Database 11g Installation STIG v9r1 STIG | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DISA_Oracle_11g_Installation_v9r1_OS_Windows.audit from DISA Oracle Database 11g Installation STIG v9r1 STIG | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DISA_Oracle_11g_Instance_v9r1_OS_Linux.audit from DISA Oracle Database 11g Instance STIG v9r1 STIG | DISA STIG Oracle 11 Instance v9r1 OS Unix | Unix | |
| DISA_Oracle_11g_Instance_v9r1_OS_Windows.audit from DISA Oracle Database 11g Instance STIG v9r1 STIG | DISA STIG Oracle 11 Instance v9r1 OS Windows | Windows | |
| DISA_STIG_Microsoft_Exchange_2013_Mailbox_Server_v2r3.audit from DISA Microsoft Exchange 2013 Mailbox Server v2r3 STIG | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DISA_STIG_Microsoft_Exchange_2016_Mailbox_Server_v2r6.audit from DISA Microsoft Exchange 2016 Mailbox Server v2r6 STIG | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DISA_STIG_Microsoft_Exchange_2019_Edge_Server_v2r2.audit from DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | |
| DISA_STIG_Microsoft_Exchange_2019_Mailbox_Server_v2r3.audit from DISA Microsoft Exchange 2019 Mailbox Server STIG v2r3 | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r3 | Windows | |
| DISA_STIG_SLES_12_v3r4.audit from DISA SUSE Linux Enterprise Server 12 v3r4 STIG | DISA SLES 12 STIG v3r4 | Unix | |
| DISA_STIG_SUSE_Linux_Enterprise_Server_15_v2r6.audit from DISA SUSE Linux Enterprise Server 15 STIG v2r6 | DISA SUSE Linux Enterprise Server 15 STIG v2r6 | Unix | |
| VCUI-80-000142 The vCenter UI service default ROOT web application must be removed. | DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
