| 2.5.14.3.15 (L1) Ensure 'Display Level 1 attachments' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.1.2 (L1) Ensure 'Default geolocation setting' is set to 'Enabled: Do not allow any site to track the users' physical location' | CIS Google Chrome L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 4.2.7 minalpha | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.15 Ensure only strong MAC algorithms are used - sshd | CIS CentOS 6 Server L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-004002 - The macOS system must configure Apple System Log (ASL) files to mode 640 or less permissive. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000130 - An Apache web server, behind a load balancer or proxy server, must produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000190 - The log information from the Apache web server must be protected from unauthorized modification or deletion. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000210 - The log data and records from the Apache web server must be backed up onto a different system or media. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000310 - The Apache web server must allow the mappings to unused and vulnerable scripts to be removed. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000440 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000520 - The Apache web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions - reqtimeout_module | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | ACCESS CONTROL |
| AS24-U1-000710 - The Apache web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the Apache web server. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000710 - The Apache web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the Apache web server. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000750 - The Apache web server must generate log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) which are stamped at a minimum granularity of one second | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000750 - The Apache web server must generate log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) which are stamped at a minimum granularity of one second. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000870 - Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to prohibit client-side scripts from reading the cookie data | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000900 - The Apache web server must remove all export ciphers to protect the confidentiality and integrity of transmitted information. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000930 - The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AS24-U1-000930 - The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AS24-U2-000240 - The Apache web server must not perform user management for hosted applications. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AS24-U2-000300 - The Apache web server must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AS24-U2-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application. | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U2-000540 - The Apache web server must augment re-creation to a stable and known baseline. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U2-000640 - Debugging and trace information used to diagnose the Apache web server must be disabled. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AS24-U2-000680 - The Apache web server must restrict inbound connections from nonsecure zones. | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | ACCESS CONTROL |
| AS24-U2-000810 - The Apache web server must only accept client certificates issued by DOD PKI or DoD-approved PKI Certification Authorities (CAs) - CAs. | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000250 - The Apache web server must only contain services and functions necessary for operation - SetHandler other | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000310 - The Apache web server must allow the mappings to unused and vulnerable scripts to be removed. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - SSLRandomSeed startup | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000650 - The Apache web server must set an inactive timeout for completing the TLS handshake - RequestReadTimeout | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | ACCESS CONTROL |
| AS24-W1-000680 - The Apache web server must be configured to immediately disconnect or disable remote access to the hosted applications. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | ACCESS CONTROL |
| AS24-W1-000710 - The Apache web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the Apache web server. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000760 - The Apache web server must generate log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) with a minimum granularity of one second - log_config_module | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000960 - The Apache web server software must be a vendor-supported version. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W2-000310 - The Apache web server must allow the mappings to unused and vulnerable scripts to be removed. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W2-000360 - The Apache web server must be configured to use a specified IP address and port - IP or Port Only | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W2-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W2-000560 - The Apache web server must be configured to provide clustering - mod_proxy | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W2-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AS24-W2-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AS24-W2-000650 - The Apache web server must set an inactive timeout for completing the TLS handshake - RequestReadTimeout | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | ACCESS CONTROL |
| AS24-W2-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | ACCESS CONTROL |
| AS24-W2-000870 - Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to prohibit client-side scripts from reading the cookie data - Session On | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL08-00-010291 - The OL 8 SSH server must be configured to use only ciphers employing FIPS 140-2 validated cryptographic algorithms. | DISA Oracle Linux 8 STIG v2r4 | Unix | MAINTENANCE |
| WPAW-00-000200 - Site IT resources designated as high value by the Authorizing Official (AO) must be remotely managed only via a Windows privileged access workstation (PAW) - AO must be remotely managed only via PAW | DISA MS Windows Privileged Access Workstation v3r1 | Windows | CONFIGURATION MANAGEMENT |
