| 1.1 Remove extraneous files and directories - /webapps/docs | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Disable Unused Connectors | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 2.2 Alter the Advertised server.number String | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 2.3 Alter the Advertised server.built Date | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Ensure Sever Header is Modified To Prevent Information Disclosure | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 2.10 Disable Apache Service | CIS Solaris 11.2 L1 v1.1.0 | Unix | |
| 3.2 Disable the Shutdown port | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Restrict access to $CATALINA_HOME | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.6 Restrict access to Tomcat binaries directory | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.8 Restrict access to Tomcat catalina.properties | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.9 Restrict access to Tomcat catalina.policy | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.15 Restrict access to jaspic-providers.xml | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1 Application specific logging | CIS Apache Tomcat 8 L2 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.1 Application specific logging | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.1 Application specific logging | CIS Apache Tomcat 11 v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.1 Application specific logging | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in default | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.4 Ensure directory in context.xml is a secure location - configuration | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.6 Ensure directory in logging.properties is a secure location - check application log directory is secure | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 9.1 Starting Tomcat with Security Manager | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 9.2 Disabling auto deployment of applications | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.1 Ensure Web content directory is on a separate partition from the Tomcat system files - verify Web content directory | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 10.2 Restrict access to the web administration application | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 10.3 Restrict manager application | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 10.5 Rename the manager application - webapps/manager | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.6 Enable strict servlet Compliance | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.8 Do not allow additional path delimiters - ALLOW_BACKSLASH | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.10 Configure maxHttpHeaderSize | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.12 Do not allow symbolic linking | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 10.14 Do not allow cross context requests | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 10.15 Do not resolve hosts on logging valves | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 10.17 Setting Security Lifecycle Listener - check for config component | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - context.xml | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000900 - The Apache web server must remove all export ciphers to protect the confidentiality and integrity of transmitted information. | DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000900 - The Apache web server must remove all export ciphers to protect the confidentiality and integrity of transmitted information. | DISA STIG Apache Server 2.4 Unix Server v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000500 - The Apache web server must generate unique session identifiers that cannot be reliably reproduced. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000500 - The Apache web server must generate unique session identifiers that cannot be reliably reproduced. | DISA STIG Apache Server 2.4 Windows Server v3r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DISA_Microsoft_Windows_11_STIG_v2r3.audit from DISA Microsoft Windows 11 STIG v2r3 | DISA Microsoft Windows 11 STIG v2r3 | Windows | |
| DISA_STIG_Microsoft_Excel_2013_v1r8.audit from DISA Microsoft Excel 2013 v1r8 STIG | DISA STIG Microsoft Excel 2013 v1r8 | Windows | |
| DISA_STIG_Microsoft_Excel_2016_v2r1.audit from DISA Microsoft Excel 2016 v2r1 STIG | DISA STIG Microsoft Excel 2016 v2r1 | Windows | |
| DISA_STIG_Microsoft_InfoPath_2013_v1r6.audit from DISA Microsoft InfoPath 2013 v1r6 STIG | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | |
| DISA_STIG_Microsoft_PowerPoint_2010_v1r11.audit from DISA Microsoft PowerPoint 2010 v1r11 STIG | DISA STIG Office 2010 PowerPoint v1r11 | Windows | |
| DISA_STIG_Microsoft_PowerPoint_2013_v1r7.audit from DISA Microsoft PowerPoint 2013 v1r7 STIG | DISA STIG Microsoft PowerPoint 2013 v1r7 | Windows | |
| DISA_STIG_Microsoft_Project_2010_v1r10.audit from DISA Microsoft Project 2010 v1r10 STIG | DISA STIG Office 2010 Project v1r10 | Windows | |
| DISA_STIG_Microsoft_Publisher_2010_v1r12.audit from DISA Microsoft Publisher 2010 v1r12 STIG | DISA STIG Office 2010 Publisher v1r12 | Windows | |
| DISA_STIG_Microsoft_Publisher_2013_v1r6.audit from DISA Microsoft Publisher 2013 v1r6 STIG | DISA STIG Microsoft Publisher 2013 v1r6 | Windows | |
| DISA_STIG_Microsoft_Word_2013_v1r7.audit from DISA Microsoft Word 2013 v1r7 STIG | DISA STIG Microsoft Word 2013 v1r7 | Windows | |
| DISA_STIG_Solaris_10_SPARC_v2r4.audit from DISA Solaris 10 SPARC v2r4 STIG | DISA STIG Solaris 10 SPARC v2r4 | Unix | |
