| 1.1 Ensure 'Web content' is on non-system partition | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL |
| 1.2 Ensure 'host headers' are on all sites | CIS IIS 8.0 v1.5.1 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.2 Ensure 'host headers' are on all sites | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.3 Ensure custom error messages are not off | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure custom error messages are not off - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.3 Ensure Custom Error Messages are not Off - Applications | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure custom error messages are not off - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.3 Ensure Custom Error Messages are not Off - Default | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 7.1 Ensure that the MaxZoneParts setting for Web Part limits is set to 100. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 7.1 Ensure that the MaxZoneParts setting for Web Parts is configured | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| DISA_STIG_VMware_vSphere_7.0_EAM_v1r2.audit from DISA VMware vSphere 7.0 vCenter Appliance EAM v1r2 STIG | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | |
| DISA_STIG_VMware_vSphere_7.0_ESXi_Bare_Metal_Host_v1r2.audit from DISA VMware vSphere 7.0 ESXi v1r2 STIG | DISA STIG VMware vSphere 7.0 ESXi OS v1r2 | Unix | |
| DISA_STIG_VMware_vSphere_7.0_RhttpProxy_v1r1.audit from DISA VMware vSphere 7.0 vCenter Appliance RhttpProxy v1r1 STIG | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | |
| DISA_STIG_VMware_vSphere_7.0_SVC.audit from DISA VMware vSphere 7.0 vCenter Appliance Lookup Service v1r2 STIG | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | |
| DISA_STIG_VMware_vSphere_7.0_VAMI_v1r2.audit from DISA VMware vSphere 7.0 VAMI v1r2 STIG | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | |
| DISA_STIG_VMware_vSphere_7.0_vCA_Perfcharts_v1r1.audit from DISA VMware vSphere 7.0 vCenter Appliance Perfcharts v1r1 STIG | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | |
| DISA_STIG_VMware_vSphere_7.0_vCA_PostgreSQL_v1r2.audit from DISA VMware vSphere 7.0 vCenter Appliance PostgreSQL v1r2 STIG | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | |
| DISA_STIG_VMware_vSphere_7.0_vCA_STS_v1r2.audit from DISA VMware vSphere 7.0 vCenter Appliance STS v1r2 STIG | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | |
| DISA_STIG_VMware_vSphere_7.0_vCA_UI_v1r2.audit from DISA VMware vSphere 7.0 vCenter Appliance UI v1r2 STIG | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | |
| IIST-SI-000209 - The IIS 10.0 website must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 10.0 website events. | DISA IIS 10.0 Site v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SI-000210 - The IIS 10.0 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event. | DISA IIS 10.0 Site v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SI-000216 - The IIS 10.0 website must have resource mappings set to disable the serving of certain file types. | DISA IIS 10.0 Site v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000219 - Each IIS 10.0 website must be assigned a default host header. | DISA IIS 10.0 Site v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000220 - A private IIS 10.0 website authentication mechanism must use client certificates to transmit session identifier to assure integrity. | DISA IIS 10.0 Site v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000225 - The IIS 10.0 website must be configured to limit the maxURL. | DISA IIS 10.0 Site v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000233 - Warning and error messages displayed to clients must be modified to minimize the identity of the IIS 10.0 website, patches, loaded modules, and directory paths. | DISA IIS 10.0 Site v2r10 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IIST-SI-000236 - The IIS 10.0 websites connectionTimeout setting must be explicitly configured to disconnect an idle session. | DISA IIS 10.0 Site v2r10 | Windows | ACCESS CONTROL |
| IIST-SI-000244 - IIS 10.0 website session IDs must be sent to the client using TLS. | DISA IIS 10.0 Site v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000246 - Cookies exchanged between the IIS 10.0 website and the client must have cookie properties set to prohibit client-side scripts from reading the cookie data. | DISA IIS 10.0 Site v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session | DISA IIS 8.5 Site v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SI-000209 - The IIS 8.5 website must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 8.5 website events - success or failure of IIS 8.5 website events | DISA IIS 8.5 Site v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SI-000216 - The IIS 8.5 website must have resource mappings set to disable the serving of certain file types. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000217 - The IIS 8.5 website must have Web Distributed Authoring and Versioning (WebDAV) disabled. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000219 - Each IIS 8.5 website must be assigned a default host header. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000220 - A private websites authentication mechanism must use client certificates to transmit session identifier to assure integrity. | DISA IIS 8.5 Site v2r9 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000225 - The IIS 8.5 website must be configured to limit the maxURL. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000233 - Warning and error messages displayed to clients must be modified to minimize the identity of the IIS 8.5 website, patches, loaded modules, and directory paths. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IISW-SI-000235 - The Idle Time-out monitor for each IIS 8.5 website must be enabled. | DISA IIS 8.5 Site v2r9 | Windows | ACCESS CONTROL |
| IISW-SI-000241 - The IIS 8.5 private website have a server certificate issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs). | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000242 - The IIS 8.5 private website must employ cryptographic mechanisms (TLS) and require client certificates. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000244 - IIS 8.5 website session IDs must be sent to the client using TLS. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000249 - The IIS 8.5 website must maintain the confidentiality and integrity of information during preparation for transmission and during reception. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000117 - The IIS 8.5 web server must not perform user management for hosted applications. | DISA IIS 8.5 Server v2r7 | Windows | CONFIGURATION MANAGEMENT |
| SHPT-00-000805 - The organization must employ cryptographic mechanisms to prevent unauthorized disclosure of information during transmission unless otherwise protected by alternative physical measures. | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000060 - SharePoint must reject or delay, as defined by the organization, network traffic generated above configurable traffic volume thresholds - ConnectionTimeout | DISA STIG SharePoint 2013 v2r3 | Windows | CONFIGURATION MANAGEMENT |
| SP13-00-000060 - SharePoint must reject or delay, as defined by the organization, network traffic generated above configurable traffic volume thresholds - maxBandwidth | DISA STIG SharePoint 2013 v2r3 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI092 IIS6 - The IIS web site permissions 'Write' or 'Script Source' must not be selected. - 'Script Source permission check' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WA000-WI6010 IIS6 - The web site must have a unique application pool. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG310 IIS6 - A web site must not contain a robots.txt file. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
