| 3.2 Ensure SharePoint implements an information system isolation boundary that minimizes the number of non-security functions included within the boundary containing security functions. | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Ensure SharePoint implements an information system isolation boundary that minimizes the number of non-security functions. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Applications | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Default | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Ensure Default IIS web log location is moved | CIS IIS 8.0 v1.5.1 Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.1 Ensure Default IIS web log location is moved | CIS IIS 7 L1 v1.8.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.1 Ensure Default IIS web log location is moved | CIS IIS 10 v1.2.1 Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.6 Ensure 'IIS Admin Service (IISADMIN)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.29 Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| DISA_STIG_VMware_vSphere_7.0_Photon_OS_v1r3.audit from DISA VMware vSphere 7.0 vCenter Appliance Photon OS v1r3 STIG | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | |
| F5BI-AP-000235 - The F5 BIG-IP appliance APM Access Policies that grant access to web application resources must allow only client certificates that have the User Persona Name (UPN) value in the User Persona Client Certificates. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| HTTP TRACE method should be disabled. 'RewriteCond' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteCond' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteEngine' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteEngine' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteLogLevel' | TNS IBM HTTP Server Best Practice | Windows | AUDIT AND ACCOUNTABILITY |
| HTTP TRACE method should be disabled. 'RewriteRule' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteRule' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteRule' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'TraceEnable' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'TraceEnable' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| IIST-SI-000208 - An IIS 10.0 website behind a load balancer or proxy server must produce log records containing the source client IP, and destination information. | DISA IIS 10.0 Site v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SI-000235 - The Idle Time-out monitor for each IIS 10.0 website must be enabled. | DISA IIS 10.0 Site v2r10 | Windows | ACCESS CONTROL |
| IIST-SI-000237 - The IIS 10.0 website must provide the capability to immediately disconnect or disable remote access to the hosted applications. | DISA IIS 10.0 Site v2r10 | Windows | ACCESS CONTROL |
| IIST-SI-000238 - The IIS 10.0 website must use a logging mechanism configured to allocate log record storage capacity large enough to accommodate the logging requirements of the IIS 10.0 website. | DISA IIS 10.0 Site v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SI-000241 - The IIS 10.0 website must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs). | DISA IIS 10.0 Site v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000242 - The IIS 10.0 private website must employ cryptographic mechanisms (TLS) and require client certificates. | DISA IIS 10.0 Site v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000109 - An IIS 10.0 web server behind a load balancer or proxy server must produce log records containing the source client IP and destination information. | DISA IIS 10.0 Server v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000109 - An IIS 10.0 web server behind a load balancer or proxy server must produce log records containing the source client IP and destination information. | DISA IIS 10.0 Server v3r2 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000117 - The IIS 10.0 web server must not perform user management for hosted applications. | DISA IIS 10.0 Server v3r2 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000117 - The IIS 10.0 web server must not perform user management for hosted applications. | DISA IIS 10.0 Server v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000125 - The IIS 10.0 web server must have Web Distributed Authoring and Versioning (WebDAV) disabled. | DISA IIS 10.0 Server v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000125 - The IIS 10.0 web server must have Web Distributed Authoring and Versioning (WebDAV) disabled. | DISA IIS 10.0 Server v3r2 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000142 - The IIS 10.0 web server must restrict inbound connections from non-secure zones. | DISA IIS 10.0 Server v3r2 | Windows | ACCESS CONTROL |
| IIST-SV-000142 - The IIS 10.0 web server must restrict inbound connections from non-secure zones. | DISA IIS 10.0 Server v2r10 | Windows | ACCESS CONTROL |
| IIST-SV-000143 - The IIS 10.0 web server must provide the capability to immediately disconnect or disable remote access to the hosted applications. | DISA IIS 10.0 Server v2r10 | Windows | ACCESS CONTROL |
| IIST-SV-000143 - The IIS 10.0 web server must provide the capability to immediately disconnect or disable remote access to the hosted applications. | DISA IIS 10.0 Server v3r2 | Windows | ACCESS CONTROL |
| IISW-SI-000208 - An IIS 8.5 website behind a load balancer or proxy server, must produce log records containing the source client IP and destination information. | DISA IIS 8.5 Site v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SI-000236 - The IIS 8.5 websites connectionTimeout setting must be explicitly configured to disconnect an idle session. | DISA IIS 8.5 Site v2r9 | Windows | ACCESS CONTROL |
| IISW-SI-000237 - The IIS 8.5 website must provide the capability to immediately disconnect or disable remote access to the hosted applications. | DISA IIS 8.5 Site v2r9 | Windows | ACCESS CONTROL |
| IISW-SI-000238 - The IIS 8.5 website must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the IIS 8.5 website. | DISA IIS 8.5 Site v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000109 - An IIS 8.5 web server behind a load balancer or proxy server, must produce log records containing the source client IP and destination information. | DISA IIS 8.5 Server v2r7 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000125 - The IIS 8.5 web server must have Web Distributed Authoring and Versioning (WebDAV) disabled. | DISA IIS 8.5 Server v2r7 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SV-000142 - The IIS 8.5 web server must restrict inbound connections from nonsecure zones. | DISA IIS 8.5 Server v2r7 | Windows | ACCESS CONTROL |
| IISW-SV-000143 - The IIS 8.5 web server must provide the capability to immediately disconnect or disable remote access to the hosted applications. | DISA IIS 8.5 Server v2r7 | Windows | ACCESS CONTROL |
| SP13-00-000015 - SharePoint must utilize approved cryptography to protect the confidentiality of remote access sessions. | DISA STIG SharePoint 2013 v2r3 | Windows | ACCESS CONTROL |
| SP13-00-000020 - SharePoint must use cryptography to protect the integrity of the remote access session. | DISA STIG SharePoint 2013 v2r3 | Windows | ACCESS CONTROL |
| SP13-00-000110 - SharePoint must ensure authentication of both client and server during the entire session. An example of this is SSL Mutual Authentication. | DISA STIG SharePoint 2013 v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000120 - SharePoint must maintain the confidentiality of information during aggregation, packaging, and transformation in preparation for transmission. When transmitting data, applications need to leverage transmission protection mechanisms such as TLS, SSL VPNs, or IPSec. | DISA STIG SharePoint 2013 v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000135 - SharePoint must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission, unless the transmitted data is otherwise protected by alternative physical measures. | DISA STIG SharePoint 2013 v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
