| DISA_STIG_VMware_vSphere_6.7_VAMI-lighttpd_v1r3.audit from DISA VMware vSphere 6.7 VAMI-lighttpd v1r3 STIG | |
| VCLD-67-000001 - VAMI must limit the number of simultaneous requests. | ACCESS CONTROL |
| VCLD-67-000002 - VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections. | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000003 - VAMI must use cryptography to protect the integrity of remote sessions. | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000004 - VAMI must be configured to monitor remote access. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| VCLD-67-000005 - VAMI must generate log records for system startup and shutdown. | AUDIT AND ACCOUNTABILITY |
| VCLD-67-000006 - VAMI must produce log records containing sufficient information to establish what type of events occurred. | AUDIT AND ACCOUNTABILITY |
| VCLD-67-000011 - VAMI log files must only be accessible by privileged users - access.log | AUDIT AND ACCOUNTABILITY |
| VCLD-67-000011 - VAMI log files must only be accessible by privileged users - error.log | AUDIT AND ACCOUNTABILITY |
| VCLD-67-000014 - Rsyslog must be configured to monitor VAMI logs. | AUDIT AND ACCOUNTABILITY |
| VCLD-67-000015 - VAMI server binaries and libraries must be verified for their integrity. | CONFIGURATION MANAGEMENT |
| VCLD-67-000016 - VAMI must only load allowed server modules - mod_access | CONFIGURATION MANAGEMENT |
| VCLD-67-000016 - VAMI must only load allowed server modules - mod_accesslog | CONFIGURATION MANAGEMENT |
| VCLD-67-000016 - VAMI must only load allowed server modules - mod_cgi | CONFIGURATION MANAGEMENT |
| VCLD-67-000016 - VAMI must only load allowed server modules - mod_magnet | CONFIGURATION MANAGEMENT |
| VCLD-67-000016 - VAMI must only load allowed server modules - mod_proxy | CONFIGURATION MANAGEMENT |
| VCLD-67-000016 - VAMI must only load allowed server modules - mod_rewrite | CONFIGURATION MANAGEMENT |
| VCLD-67-000016 - VAMI must only load allowed server modules - mod_setenv | CONFIGURATION MANAGEMENT |
| VCLD-67-000017 - VAMI must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled. | CONFIGURATION MANAGEMENT |
| VCLD-67-000018 - VAMI must explicitly disable Multipurpose Internet Mail Extensions (MIME) mappings based on 'Content-Type' - Content-Type. | CONFIGURATION MANAGEMENT |
| VCLD-67-000019 - VAMI must remove all mappings to unused scripts - cgi | CONFIGURATION MANAGEMENT |
| VCLD-67-000019 - VAMI must remove all mappings to unused scripts - erb | CONFIGURATION MANAGEMENT |
| VCLD-67-000019 - VAMI must remove all mappings to unused scripts - pl | CONFIGURATION MANAGEMENT |
| VCLD-67-000019 - VAMI must remove all mappings to unused scripts - py | CONFIGURATION MANAGEMENT |
| VCLD-67-000019 - VAMI must remove all mappings to unused scripts - rb | CONFIGURATION MANAGEMENT |
| VCLD-67-000020 - VAMI must have resource mappings set to disable the serving of certain file types. | CONFIGURATION MANAGEMENT |
| VCLD-67-000021 - VAMI must not have the Web Distributed Authoring (WebDAV) servlet installed. | CONFIGURATION MANAGEMENT |
| VCLD-67-000022 - VAMI must prevent hosted applications from exhausting system resources. | CONFIGURATION MANAGEMENT |
| VCLD-67-000023 - VAMI must not have any symbolic links in the web content directory tree. | CONFIGURATION MANAGEMENT |
| VCLD-67-000025 - VAMI must protect the keystore from unauthorized access. | IDENTIFICATION AND AUTHENTICATION |
| VCLD-67-000026 - VAMI must restrict access to the web root. | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000027 - VAMI must protect against or limit the effects of HTTP types of denial-of-service (DoS) attacks. | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000028 - VAMI must set the encoding for all text mime types to UTF-8. | SYSTEM AND INFORMATION INTEGRITY |
| VCLD-67-000029 - VAMI must disable directory browsing. | SYSTEM AND INFORMATION INTEGRITY |
| VCLD-67-000030 - VAMI must not be configured to use 'mod_status' - mod_status. | SYSTEM AND INFORMATION INTEGRITY |
| VCLD-67-000031 - VAMI must have debug logging disabled. | SYSTEM AND INFORMATION INTEGRITY |
| VCLD-67-000032 - VAMI configuration files must be protected from unauthorized access - etc | CONFIGURATION MANAGEMENT |
| VCLD-67-000032 - VAMI configuration files must be protected from unauthorized access - opt | CONFIGURATION MANAGEMENT |
| VCLD-67-000033 - VAMI must be protected from being stopped by a non-privileged user. | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - sslv2 | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - sslv3 | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv10 | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv11 | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv12 | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000999 - The version of VAMI-lighttpd running on the system must be a supported version. | SYSTEM AND INFORMATION INTEGRITY |
