9.22 Find World Writable Files | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
APPL-14-004002 The macOS system must configure Apple System Log files to mode 640 or less permissive. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
AS24-U1-000440 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U1-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions - reqtimeout_module | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | ACCESS CONTROL |
AS24-U1-000710 - The Apache web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the Apache web server. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
AS24-U1-000750 - The Apache web server must generate log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) which are stamped at a minimum granularity of one second | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
AS24-U1-000870 - Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to prohibit client-side scripts from reading the cookie data | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U1-000930 - The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
AS24-U2-000240 - The Apache web server must not perform user management for hosted applications. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | CONFIGURATION MANAGEMENT |
AS24-U2-000300 - The Apache web server must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | CONFIGURATION MANAGEMENT |
AS24-U2-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application. | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U2-000540 - The Apache web server must augment re-creation to a stable and known baseline. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U2-000640 - Debugging and trace information used to diagnose the Apache web server must be disabled. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
AS24-U2-000680 - The Apache web server must restrict inbound connections from nonsecure zones. | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | ACCESS CONTROL |
AS24-U2-000810 - The Apache web server must only accept client certificates issued by DOD PKI or DoD-approved PKI Certification Authorities (CAs) - CAs. | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
PPS9-00-013200 - The EDB Postgres Advanced Server must be configured on a platform that has a NIST certified FIPS 140-2 or 140-3 installation of OpenSSL. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
WA000-WWA024 A22 - The KeepAliveTimeout directive must be defined. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
WA000-WWA026 A22 - The httpd.conf StartServers directive must be set properly. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
WA000-WWA032 A22 - The httpd.conf MaxClients directive must be set properly. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
WA000-WWA032 A22 - The httpd.conf MaxClients directive must be set properly. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
WA000-WWA050 A22 - All interactive programs must be placed in a designated directory with appropriate permissions - conf | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - None | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - None | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - Options None | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
WA000-WWA060 A22 - The HTTP request message body size must be limited. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
WA000-WWA060 A22 - The HTTP request message body size must be limited. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
WA00500 A22 - Active software modules must be minimized. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
WA00515 A22 - Automatic directory indexing must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
WA00525 A22 - User specific directories must not be globally enabled. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
WA00525 A22 - User specific directories must not be globally enabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
WA00530 A22 - The process ID (PID) file must be properly secured | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
WA00530 A22 - The process ID (PID) file must be properly secured - permissions | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
WA00547 A22 - The ability to override the access configuration for the OS root directory must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
WA00555 A22 - The web server must be configured to listen on a specific IP address and port - 0.0.0.0:80 | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
WA00555 A22 - The web server must be configured to listen on a specific IP address and port - listen | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
WG050 A22 - The web server password(s) must be entrusted to the SA or Web Manager. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
WG080 A22 - Installation of a compiler on production web server is prohibited. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
WG220 A22 - Web administration tools must be restricted to the web manager and the web manager's designees - AccessConfig | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
WG270 A22 - The web server's htpasswd files (if present) must reflect proper ownership and permissions | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
WG280 - The access control files are owned by a privileged web server account - HTACCESS_DIR | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
WG280 - The access control files are owned by a privileged web server account - HTTPD_CONFIG_DIRECTORY/httpd.conf | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
WG300 A22 - Web server system files must conform to minimum file permission requirements - apache bin/* | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
WG300 A22 - Web server system files must conform to minimum file permission requirements - cgi_bin/* | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
WG300 A22 - Web server system files must conform to minimum file permission requirements - config | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
WG300 A22 - Web server system files must conform to minimum file permission requirements - document root | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
WG300 A22 - Web server system files must conform to minimum file permission requirements - htdocs | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
WG330 A22 - A public web server must limit email to outbound only - netstat | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
WG440 A22 - Monitoring software must include CGI or equivalent programs in its scope. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
WPAW-00-000200 - Site IT resources designated as high value by the Authorizing Official (AO) must be remotely managed only via a Windows privileged access workstation (PAW) - AO must be remotely managed only via PAW | DISA MS Windows Privileged Access Workstation v3r1 | Windows | CONFIGURATION MANAGEMENT |