| DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - '$ORACLE_HOME/network/admin/sqlnet.ora SQLNET.SSLFIPS_140 = true' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\bin\extproc.exe does not exist' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\hs\admin\extproc.ora SET EXTPROC_DLLS = ONLY' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\hs\admin\extproc.ora SET EXTPROC_DLLS contains only valid paths' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/rdbms/admin/externaljob.ora SET EXTPROC_DLLS=ONLY' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0110-ORACLE11 - The DBMS should not share a host supporting an independent security service - 'DomainRole != 4 or 5' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0187-ORACLE11 - DBMS software libraries should be periodically backed up - '$ORACLE_BASE files are being backed up' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONTINGENCY PLANNING |
| DG0187-ORACLE11 - DBMS software libraries should be periodically backed up - '$ORACLE_HOME files are being backed up' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONTINGENCY PLANNING |
| DG0195-ORACLE11 - DBMS production application and data directories should be protected from developers on shared production/development DBMS host systems - 'root is not a mamber of the oracle group' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle services use appropriate service accounts' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0286-ORACLE11 - The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters should be set to a value greater than 0 - '%ORACLE_HOME%\NETWORK\ADMIN\listener.ora INBOUND_CONNECT_TIMEOUT_listener > 0' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '$ORACLE_HOME/network/admin/listener.ora DIAG_ADR_ENABLED_{listener} = on' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'LOG_DIRECTORY_{listener} is configured' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'LOG_DIRECTORY_SERVER = $ORACLE_BASElog' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| DTBI014 - The IE TLS parameter must be set correctly. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI039 - Navigating windows and frames across different domains must be disallowed (Internet zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | ACCESS CONTROL |
| DTBI046 - Logon options must be configured to prompt (Internet zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI136 - Logon options must be configured and enforced (Restricted Sites zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI300 - Configuring History setting must be set to 40 days - History | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | AUDIT AND ACCOUNTABILITY |
| DTBI319 - Internet Explorer must be configured to disallow users to change policies. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI670 - Scripting of Java applets must be disallowed (Restricted Sites zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI825 - Internet Explorer Processes for notification bars must be enforced (Explorer). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI840 - Cross-Site Scripting (XSS) Filter must be enforced (Internet zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI850 - Scripting of Internet Explorer Web Browser Control must be disallowed (Restricted Sites zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI910 - Status bar updates via script must be disallowed (Internet zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| WA00500 W22 - Active software modules must be minimized. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA00515 A22 - Automatic directory indexing must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WA00547 A22 - The ability to override the access configuration for the OS root directory must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WA00612 A22 - The sites error logs must log the correct format. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WA00615 A22 - System logging must be enabled. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | AUDIT AND ACCOUNTABILITY |
| WG110 W22 - The number of allowed simultaneous requests must be set. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG205 W22 - The web document (home) directory must be in a separate partition from the web server's system files. - 'CustomLog' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | AUDIT AND ACCOUNTABILITY |
| WG205 W22 - The web document (home) directory must be in a separate partition from the web server's system files. - 'DocumentRoot' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG255 A22 - Access to the web server log files must be restricted to administrators, web administrators, and auditors. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - document root | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - htdocs | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - logs | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub\ftproot\dropbox' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub\mailroot' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\inetpub\wwwroot\docs' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\system32\inetsrv\iisadmpwd' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG330 A22 - A public web server must limit email to outbound only - netstat | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG330 W22 - A public web server must limit e-mail to outbound only. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG340 A22 - A private web server must utilize an approved TLS version - SSLEngine | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG340 A22 - A private web server must utilize an approved TLS version - SSLProtocol | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG340 IIS6 - A private web server must utilize an approved TLS version. - 'SSL 3.0\Server' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG410 IIS6 - Interactive scripts must have proper access controls. - 'ASP Default Language set to VBScript' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG460 A22 - PERL scripts must use the TAINT option. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WG470 IIS6 - Wscript.exe and Cscript.exe must not be accessible by users other than the SA and Web Manager. - 'cscript.exe' | DISA STIG IIS 6.0 Server v6r16 | Windows | ACCESS CONTROL |
