AS24-U1-000180 - The Apache web server log files must only be accessible by privileged users. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
AS24-U1-000210 - The log data and records from the Apache web server must be backed up onto a different system or media. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
AS24-U1-000230 - Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Apache web server. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
AS24-U1-000330 - The Apache web server must have Web Distributed Authoring (WebDAV) disabled. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
AS24-U1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U1-000520 - The Apache web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
AS24-U1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | ACCESS CONTROL |
AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | ACCESS CONTROL |
AS24-U1-000670 - The Apache web server must restrict inbound connections from nonsecure zones. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | ACCESS CONTROL |
AS24-U1-000730 - The Apache web server must be configured to integrate with an organization's security infrastructure. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
AS24-U1-000820 - The Apache web server must be protected from being stopped by a non-privileged user. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U1-000820 - The Apache web server must be protected from being stopped by a non-privileged user. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U1-000900 - The Apache web server must remove all export ciphers to protect the confidentiality and integrity of transmitted information. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U1-000950 - The Apache web server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
AS24-U1-000970 - The Apache web server htpasswd files (if present) must reflect proper ownership and permissions. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
AS24-U2-000090 - The Apache web server must produce log records containing sufficient information to establish what type of events occurred. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
AS24-W1-000020 - The Apache web server must perform server-side session management - session_module | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |
AS24-W1-000020 - The Apache web server must perform server-side session management - usertrack_module | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-W1-000160 - The Apache web server must use a logging mechanism that is configured to alert the (ISSO) and System Administrator (SA) in the event of a processing failure. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
AS24-W1-000200 - The log information from the Apache web server must be protected from unauthorized deletion and modification. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
AS24-W1-000240 - The Apache web server must not perform user management for hosted applications. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
AS24-W1-000270 - The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
AS24-W1-000360 - The Apache web server must be configured to use a specified IP address and port - Zero IPs Only | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
AS24-W1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-W1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-W1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-W1-000480 - The Apache web server must accept only system-generated session identifiers. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - SSLRandomSeed startup | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-W1-000700 - An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point - ProxyPass | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
AS24-W1-000730 - The Apache web server must be configurable to integrate with an organization's security infrastructure. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
AS24-W1-000800 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs). | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
WA230 W22 - The site software used with the web server must have all applicable security patches applied and documented. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
WA00612 W22 - The site's error logs must log the correct format. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | AUDIT AND ACCOUNTABILITY |
WG040 W22 - Public web server resources must not be shared with private assets. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
WG200 W22 - Administrators must be the only users allowed access to the directory tree, the shell, or other operating system functions and utilities. - 'System32\dllcache\cmd.exe' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
WG265 W22 - The required DoD banner page must be displayed to authenticated users accessing a DoD private website. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | ACCESS CONTROL |
WG290 W22 - The web client account access to the content and scripts directories must be limited to read and execute. - 'ScriptAlias' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | |
WG290 W22 - The web client account access to the content and scripts directories must be limited to read and execute. - 'ScriptAliasMatch' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | |
WG300 W22 - Web server system files must conform to minimum file permission requirements. - 'bin' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
WG345 W22 - The web server must remove all export ciphers from the cipher suite. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
WG355 W22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
WG385 W22 - All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. - 'extra' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
WG385 W22 - All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. - 'printenv' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
WG430 W22 - Anonymous FTP user access to interactive scripts must be prohibited. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | |
WG490 W22 - Java software on production web servers must be limited to class files and the JAVA virtual machine. - 'ScriptAlias - *.java' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
WG490 W22 - Java software on production web servers must be limited to class files and the JAVA virtual machine. - 'ScriptAlias - *.jpp' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |