| DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'No dba account is a member of the root group' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'ORA_DBA Group has no unauthorized users' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DG0029-ORACLE11 - Required auditing parameters for database auditing should be set - 'audit_trail != none' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| DG0093-ORACLE11 - Remote adminstrative connections to the database should be encrypted - '%ORACLE_HOME%\ldap\admin\fips.ora SSLFIPS_140 = TRUE' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0093-ORACLE11 - Remote adminstrative connections to the database should be encrypted - '$ORACLE_HOME/ldap/admin/fips.ora SSLFIPS_140 = true' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\hs\admin\extproc.ora SET EXTPROC_DLLS contains only valid paths' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/network/admin/listener.ora PROGRAM=EXTPROC does not exist' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0110-ORACLE11 - The DBMS should not share a host supporting an independent security service - 'DomainRole != 4 or 5' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0112-ORACLE11 - DBMS system data files should be stored in dedicated disk directories. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DG0119-ORACLE11 - DBMS application users should not be granted administrative privileges to the DBMS. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DG0141-ORACLE11 - Attempts to bypass access controls should be audited. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| DG0152-ORACLE11 - DBMS network communications should comply with PPS usage restrictions - 'Oracle listeners are running on approved ports' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0191-ORACLE11 - Credentials used to access remote databases should be protected by encryption and restricted to authorized users. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle service account group membership is correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle services use appropriate service accounts' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0286-ORACLE11 - The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters should be set to a value greater than 0 - '%ORACLE_HOME%\NETWORK\ADMIN\listener.ora INBOUND_CONNECT_TIMEOUT_listener > 0' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0340-ORACLE11 - Oracle application administration roles should be disabled if not required and authorized. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| DO3536-ORACLE11 - The IDLE_TIME profile parameter should be set for Oracle profiles IAW DoD policy - 'Default profile IDLE_TIME < 15 minutes' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| DO3536-ORACLE11 - The IDLE_TIME profile parameter should be set for Oracle profiles IAW DoD policy - 'Non-default profile IDLE_TIME < 15 minutes' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| DO3610-ORACLE11 - Required object auditing should be configured - 'all_def_audit_opts count <> 0' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA LOG_DIRECTORY_SERVER is configured' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA LOG_FILE_SERVER is configured' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'LOG_FILE_{listener} is configured' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| DO6740-ORACLE11 - The Oracle Listener ADMIN_RESTRICTIONS parameter if present should be set to ON - '%ORACLE_HOME%\NETWORK\ADMIN\listener.ora ADMIN_RESTRICTIONS_{listener} = on' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DO6747-ORACLE11 - Remote administration should be disabled for the Oracle connection manager - '%ORACLE_HOME%\NETWORK\ADMIN\CMAN.ORA does not exist' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - 'global.asa' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - 'global.asax' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WA000-WI080 IIS6 - The IIS Internet Printing Protocol must be disabled. | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI090 IIS6 - Directory browsing must be disabled. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6010 IIS6 - The web site must have a unique application pool. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6022 IIS6 - The maximum number of requests an application pool can process must be set. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6030 IIS6 - The Limit the kernel request queue monitor must be enabled | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6036 IIS6 - The Enable rapid-fail time period monitor must be enabled. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6086 IIS6 - The MaxFieldLength registry entry must be set properly. | DISA STIG IIS 6.0 Server v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6088 IIS6 - The MaxRequestBytes registry entry must be set properly. | DISA STIG IIS 6.0 Server v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6090 IIS6 - The UrlSegmentMaxLength registry entry must be set properly. | DISA STIG IIS 6.0 Server v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6092 IIS6 - The PercentUAllowed registry entry must be set properly. | DISA STIG IIS 6.0 Server v6r16 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WA000-WI6098 IIS6 - The MaxRequestEntityAllowed metabase value must be defined. - 'IisWebFileSetting' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WWA020 A22 - The Timeout directive must be properly set. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WA000-WWA050 A22 - All interactive programs must be placed in a designated directory with appropriate permissions - test-cgi | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WA000-WWA064 A22 - The HTTP request header field size must be limited. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WA000-WWA066 A22 - The HTTP request line must be limited. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG080 IIS6 - A compiler must not be installed on a production web server. - 'Lcc-win32.exe search' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG080 IIS6 - A compiler must not be installed on a production web server. - 'msc.exe search' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG080 IIS6 - A compiler must not be installed on a production web server. - 'Python.exe search' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG220 A22 - Web administration tools must be restricted to the web manager and the web manager's designees - AccessConfig | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WG220 A22 - Web administration tools must be restricted to the web manager and the web manager's designees - ResourceConfig | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WG340 W22 - A private web server must utilize an approved TLS version. - 'SSLEngine' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - '128-Bit Encryption Enabled' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG345 W22 - The web server must remove all export ciphers from the cipher suite. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
