Detections
Analytics

Item Search

NameAudit NamePluginCategory
DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - 'Oracle Advanced Security is installed'DISA STIG Oracle 11 Installation v9r1 WindowsWindows
DG0050-ORACLE11 - Database software, applications and configuration files should be monitored to discover unauthorized changes.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0052-ORACLE11 - All applications that access the database should be logged in the audit trail.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0083-ORACLE11 - Automated notification of suspicious activity detected in the audit trail should be implemented.DISA STIG Oracle 11 Installation v9r1 WindowsWindows
DG0086-ORACLE11 - DBA roles should be periodically monitored to detect assignment of unauthorized or excess privileges.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0097-ORACLE11 - Plans and procedures for testing DBMS installations, upgrades and patches should be defined and followed prior to production implementation.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG7001-ORACLE11 - The directory assigned to the AUDIT_FILE_DEST parameter must be protected from unauthorized access and must be stored in a dedicated directory or disk partition separate from software or other application files.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DO0360-ORACLE11 - Connections by mid-tier web and application systems to the Oracle DBMS should be protected, encrypted and authenticated according to database, web, application, enclave and network requirements.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
WA060 IIS6 - A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.DISA STIG IIS 6.0 Server v6r16Windows
WA070 A22 - A private web server must be located on a separate controlled access subnet.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA070 IIS6 - A private web server must be located on a separate controlled access subnet.DISA STIG IIS 6.0 Server v6r16Windows
WA230 IIS6 - The site software used with the web server must have all applicable security patches applied and documented.DISA STIG IIS 6.0 Server v6r16Windows
WA230 W22 - The site software used with the web server must have all applicable security patches applied and documented.DISA STIG Apache Server 2.2 Windows v1r13Windows
WA00500 A22 - Active software modules must be minimized.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA00525 A22 - User specific directories must not be globally enabled.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA00530 A22 - The process ID (PID) file must be properly securedDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA00530 A22 - The process ID (PID) file must be properly secured - permissionsDISA STIG Apache Server 2.2 Unix v1r11Unix
WA00560 A22 - The URL-path name must be set to the file path name or the directory path name.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WA00565 A22 - HTTP request methods must be limited - OrderDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG050 A22 - The web server password(s) must be entrusted to the SA or Web Manager.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG050 A22 - The web server password(s) must be entrusted to the SA or Web Manager.DISA STIG Apache Server 2.2 Unix v1r11Unix
WG050 W22 - The web server service password(s) must be entrusted to the SA or Web Manager.DISA STIG Apache Server 2.2 Windows v1r13Windows
WG080 A22 - Installation of a compiler on production web server is prohibited.DISA STIG Apache Server 2.2 Unix v1r11Unix
WG080 W22 - Installation of a compiler on production web server must be prohibited.DISA STIG Apache Server 2.2 Windows v1r13Windows
WG204 A22 - A web server must be segregated from other services.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG220 A22 - Web administration tools must be restricted to the web manager and the web manager's designees - AccessConfigDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG220 A22 - Web administration tools must be restricted to the web manager and the web manager's designees - ResourceConfigDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG240 IIS6 - Logs of web server access and errors must be established and maintained.DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG250 A22 - Log file access must be restricted to System Administrators, Web Administrators or Auditors.DISA STIG Apache Site 2.2 Unix v1r11Unix
WG260 A22 - Only web sites that have been fully reviewed and tested must exist on a production web server.DISA STIG Apache Site 2.2 Unix v1r11Unix
WG260 A22 - Only web sites that have been fully reviewed and tested must exist on a production web server.DISA STIG Apache Site 2.2 Unix v1r11 MiddlewareUnix
WG260 IIS6 - Only fully reviewed and tested web sites must exist on a production web server.DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG260 W22 - Only web sites that have been fully reviewed and tested must exist on a production web server.DISA STIG Apache Site 2.2 Windows v1r13Windows
WG270 A22 - The web server's htpasswd files (if present) must reflect proper ownership and permissionsDISA STIG Apache Server 2.2 Unix v1r11Unix
WG275 W22 - The web server, although started by superuser or privileged account, must run using a non-privileged account.DISA STIG Apache Server 2.2 Windows v1r13Windows
WG280 - The access control files are owned by a privileged web server account - HTACCESS_DIRDISA STIG Apache Server 2.2 Unix v1r11Unix
WG280 - The access control files are owned by a privileged web server account - HTTPD_CONFIG_DIRECTORY/httpd.confDISA STIG Apache Server 2.2 Unix v1r11Unix
WG330 A22 - A public web server must limit email to outbound only - sendmailDISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG350 A22 - A private web server will have a valid DoD server certificate.DISA STIG Apache Site 2.2 Unix v1r11Unix
WG350 IIS6 - A private web server must have a valid server certificate.DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG350 W22 - A private web server must have a valid DoD server certificate.DISA STIG Apache Site 2.2 Windows v1r13Windows
WG355 A22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA.DISA STIG Apache Server 2.2 Unix v1r11Unix
WG355 A22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG355 W22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA.DISA STIG Apache Server 2.2 Windows v1r13Windows
WG410 W22 - Interactive scripts used on a web server must have proper access controls.DISA STIG Apache Site 2.2 Windows v1r13Windows
WG430 A22 - Anonymous FTP user access to interactive scripts is prohibited.DISA STIG Apache Site 2.2 Unix v1r11Unix
WG430 W22 - Anonymous FTP user access to interactive scripts must be prohibited.DISA STIG Apache Site 2.2 Windows v1r13Windows
WG440 A22 - Monitoring software must include CGI or equivalent programs in its scope.DISA STIG Apache Server 2.2 Unix v1r11Unix
WG470 W22 - Wscript.exe and Cscript.exe must only be accessible by the SA and/or the web administrator. - 'Cscript.exe'DISA STIG Apache Server 2.2 Windows v1r13Windows
WG470 W22 - Wscript.exe and Cscript.exe must only be accessible by the SA and/or the web administrator. - 'Wscript.exe'DISA STIG Apache Server 2.2 Windows v1r13Windows