Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
Item Search
Audits
Item Search
Filters (1)
Description
Filename
Plugin
References
Control ID
Relevance
Description
Plugin
Filename
References (Active)
Search by References
Clear All
‹‹ Previous
Previous
Page 1 of 477
• 23845 Total
Next
Next ››
Name
Audit Name
Plugin
Category
WA060 A22 - A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WA060 A22 - A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WA060 W22 - A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WA070 A22 - A private web server must be located on a separate controlled access subnet.
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WA070 W22 - A private web server must be located on a separate controlled access subnet.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WA230 A22 - The Web site software used with the web server must have all applicable security patches applied and documented.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WA00520 A22 - The web server must not be configured as a proxy server.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WA00530 W22 - The process ID (PID) file must be properly secured.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WA00535 A22 - The score board file must be properly secured.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WA00535 A22 - The score board file must be properly secured.
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WA00535 W22 - The ScoreBoard file must be properly secured.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WA00540 A22 - The web server must be configured to explicitly deny access to the OS root - Deny
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WA00540 A22 - The web server must be configured to explicitly deny access to the OS root - Order
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WA00555 A22 - The web server must be configured to listen on a specific IP address and port - [::ffff:0.0.0.0]:80
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WA00555 A22 - The web server must be configured to listen on a specific IP address and port - 0.0.0.0:80
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WA00555 A22 - The web server must be configured to listen on a specific IP address and port - 80
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WA00555 A22 - The web server must be configured to listen on a specific IP address and port - listen
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WA00565 A22 - HTTP request methods must be limited - Deny
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WA00565 A22 - HTTP request methods must be limited - LimitExcept
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WA00565 A22 - HTTP request methods must be limited - LimitExcept
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WA00565 A22 - HTTP request methods must be limited - Order
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG040 A22 - Public web server resources must not be shared with private assets.
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG040 A22 - Public web server resources must not be shared with private assets.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WG040 W22 - Public web server resources must not be shared with private assets.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WG050 IIS6 - The web server service password(s) must be entrusted to the SA or Web Manager.
DISA STIG IIS 6.0 Server v6r16
Windows
WG060 W22 - The service account used to run the web service must have its password changed at least annually.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WG080 A22 - Installation of a compiler on production web server is prohibited.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WG080 W22 - Installation of a compiler on production web server must be prohibited.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WG145 A22 - The private web server must use an approved DoD certificate validation process.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WG145 A22 - The private web server must use an approved DoD certificate validation process.
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG204 A22 - A web server must be segregated from other services.
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG204 W22 - A web server installation must be segregated from other services.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WG220 IIS6 - Access to web administration tools must be restricted to the Web Manager and the Web Manager's designees.
DISA STIG IIS 6.0 Server v6r16
Windows
WG255 A22 - Access to the web server log files must be restricted to administrators, web administrators, and auditors.
DISA STIG Apache Site 2.2 Unix v1r11
Unix
WG270 A22 - The web server's htpasswd files (if present) must reflect proper ownership and permissions
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WG270 W22 - The web server's htpasswd files (if present) must reflect proper ownership and permissions.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WG280 - The access control files are owned by a privileged web server account - .htaccess exist
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WG280 - The access control files are owned by a privileged web server account - APP_Config_files
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WG280 - The access control files are owned by a privileged web server account - HTACCESS_DIR
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WG330 A22 - A public web server must limit email to outbound only - sendmail
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG330 IIS6 - A public web server must limit e-mail to outbound only.
DISA STIG IIS 6.0 Server v6r16
Windows
WG350 A22 - A private web server will have a valid DoD server certificate.
DISA STIG Apache Site 2.2 Unix v1r11 Middleware
Unix
WG355 W22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WG410 IIS6 - Interactive scripts must have proper access controls. - 'CGI Directory Permissions'
DISA STIG IIS 6.0 Site Checklist v6r16
Windows
WG410 IIS6 - Interactive scripts must have proper access controls. - 'Execute Permissions set 'Script only'
DISA STIG IIS 6.0 Site Checklist v6r16
Windows
WG430 A22 - Anonymous FTP user access to interactive scripts is prohibited.
DISA STIG Apache Site 2.2 Unix v1r11 Middleware
Unix
WG430 IIS6 - Anonymous FTP users must not have access to interactive scripts.
DISA STIG IIS 6.0 Site Checklist v6r16
Windows
WG440 A22 - Monitoring software must include CGI or equivalent programs in its scope.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WG460 W22 - PERL scripts must use the TAINT option.
DISA STIG Apache Site 2.2 Windows v1r13
Windows
WG470 W22 - Wscript.exe and Cscript.exe must only be accessible by the SA and/or the web administrator. - 'Cscript.exe'
DISA STIG Apache Server 2.2 Windows v1r13
Windows
‹‹ Previous
Previous
Page 1 of 477
• 23845 Total
Next
Next ››