| AS24-U1-000010 - The Apache web server must limit the number of allowed simultaneous session requests - KeepAlive | DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware | Unix | ACCESS CONTROL |
| AS24-U1-000010 - The Apache web server must limit the number of allowed simultaneous session requests - MaxKeepAliveRequests | DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware | Unix | ACCESS CONTROL |
| AS24-U1-000020 - The Apache web server must perform server-side session management - session_module | DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware | Unix | ACCESS CONTROL |
| AS24-U1-000020 - The Apache web server must perform server-side session management - usertrack_module | DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware | Unix | ACCESS CONTROL |
| AS24-U1-000020 - The Apache web server must perform server-side session management. | DISA STIG Apache Server 2.4 Unix Server v3r1 | Unix | ACCESS CONTROL |
| AS24-U2-000020 - The Apache web server must perform server-side session management. | DISA STIG Apache Server 2.4 Unix Site v2r4 | Unix | ACCESS CONTROL |
| AS24-U2-000020 - The Apache web server must perform server-side session management. | DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware | Unix | ACCESS CONTROL |
| AS24-W1-000020 - The Apache web server must perform server-side session management - session_module | DISA STIG Apache Server 2.4 Windows Server v3r1 | Windows | ACCESS CONTROL |
| AS24-W2-000010 - The Apache web server must limit the number of allowed simultaneous session requests. | DISA STIG Apache Server 2.4 Windows Site v2r1 | Windows | ACCESS CONTROL |
| BIND-9X-001051 - The BIND 9.x secondary name server must limit the total number of zones the name server can request at any one time. | DISA BIND 9.x STIG v2r3 | Unix | ACCESS CONTROL |
| CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number. | DISA STIG Cisco IOS-XR Router NDM v3r1 | Cisco | ACCESS CONTROL |
| CISC-ND-000010 - The Cisco switch must be configured to limit the number of concurrent management sessions to an organization-defined number. | DISA STIG Cisco IOS Switch NDM v3r1 | Cisco | ACCESS CONTROL |
| CISC-ND-000010 - The Cisco switch must be configured to limit the number of concurrent management sessions to an organization-defined number. | DISA STIG Cisco IOS XE Switch NDM v3r1 | Cisco | ACCESS CONTROL |
| DKER-EE-001000 - The Docker Enterprise Per User Limit Login Session Control in the Universal Control Plane (UCP) Admin Settings must be set to an organization-defined value for all accounts and/or account types. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | ACCESS CONTROL |
| EP11-00-000100 - The EDB Postgres Advanced Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | ACCESS CONTROL |
| ESXI-67-000001 - Access to the ESXi host must be limited by enabling Lockdown Mode. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | ACCESS CONTROL |
| EX16-ED-000010 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | ACCESS CONTROL |
| F5BI-DM-000003 - The BIG-IP appliance must limit the number of concurrent sessions to the Configuration Utility to 10 or an organization-defined number. | DISA F5 BIG-IP Device Management STIG v2r3 | F5 | ACCESS CONTROL |
| F5BI-LT-000029 - The BIG-IP Core implementation must be configured to limit the number of concurrent sessions to an organization-defined number for virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | ACCESS CONTROL |
| IIST-SI-000201 - The IIS 10.0 website session state must be enabled. | DISA IIS 10.0 Site v2r9 | Windows | ACCESS CONTROL |
| IIST-SV-000200 - The IIS 10.0 websites MaxConnections setting must be configured to limit the number of allowed simultaneous session requests. | DISA IIS 10.0 Server v2r10 | Windows | ACCESS CONTROL |
| IISW-SI-000202 - The IIS 8.5 website session state cookie settings must be configured to Use Cookies mode. | DISA IIS 8.5 Site v2r9 | Windows | ACCESS CONTROL |
| JUNI-ND-000010 - The Juniper router must be configured to limit the number of concurrent management sessions to an organization-defined number. | DISA STIG Juniper Router NDM v3r1 | Juniper | ACCESS CONTROL |
| JUSX-DM-000001 - The Juniper SRX Services Gateway must limit the number of concurrent sessions to a maximum of 10 or less for remote access using SSH. | DISA Juniper SRX Services Gateway NDM v3r1 | Juniper | ACCESS CONTROL |
| O112-C2-000100 - The DBMS must limit the number of concurrent sessions for each system account to an organization-defined number of sessions. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | ACCESS CONTROL |
| O112-C2-019100 - The DBMS must protect against or limit the effects of the organization-defined types of Denial of Service (DoS) attacks. | DISA STIG Oracle 11.2g v2r5 Linux | Unix | ACCESS CONTROL |
| OH12-1X-000001 - OHS must have the mpm property set to use the worker Multi-Processing Module (MPM) as the preferred means to limit the number of allowed simultaneous requests. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000002 - OHS must have the mpm_prefork_module directive disabled so as not conflict with the worker directive used to limit the number of allowed simultaneous requests. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000003 - OHS must have the MaxClients directive defined to limit the number of allowed simultaneous requests. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000004 - OHS must limit the number of threads within a worker process to limit the number of allowed simultaneous requests - ThreadLimit | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000049 - OHS must capture, record, and log all content related to a user session. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000294 - OHS must have the LoadModule ossl_module directive enabled to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OL6-00-000319 - The system must limit users to 10 simultaneous system logins, or a site-defined number, in accordance with operational requirements. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| PPS9-00-000100 - The EDB Postgres Advanced Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | ACCESS CONTROL |
| RHEL-06-000319 - The system must limit users to 10 simultaneous system logins, or a site-defined number, in accordance with operational requirements. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| SOL-11.1-040500 - The operating system must limit the number of concurrent sessions for each account to an organization-defined number of sessions. | DISA STIG Solaris 11 SPARC v3r1 | Unix | ACCESS CONTROL |
| SQL4-00-000100 - The number of concurrent SQL Server sessions for each system account must be limited. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-003600 - SQL Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | DISA STIG SQL Server 2016 Instance DB Audit v3r1 | MS_SQLDB | ACCESS CONTROL |
| UBTU-18-010400 - The Ubuntu operating system must limit the number of concurrent sessions to ten for all accounts and/or account types. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL |
| VCEM-67-000004 - ESX Agent Manager must protect cookies from XSS. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCFL-67-000001 - vSphere Client must limit the amount of time that each TCP connection is kept alive. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLU-80-000001 The vCenter Lookup service must limit the number of maximum concurrent connections permitted. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPF-67-000004 - Performance Charts must protect cookies from cross-site scripting (XSS). | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPF-70-000004 - Performance Charts must protect cookies from cross-site scripting (XSS). | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPF-80-000001 The vCenter Perfcharts service must limit the number of maximum concurrent connections permitted. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-80-000001 The vCenter STS service must limit the number of maximum concurrent connections permitted. | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000004 - vSphere UI must protect cookies from XSS. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-70-000004 - vSphere UI must protect cookies from cross-site scripting (XSS). | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-80-000001 The vCenter UI service must limit the number of maximum concurrent connections permitted. | DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-AC-000001 - The Windows 2012 DNS Server must restrict incoming dynamic update requests to known clients. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | ACCESS CONTROL |
