| DTBI038 - Launching programs and files in IFRAME must be disallowed (Internet zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI042 - Userdata persistence must be disallowed (Internet zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI126 - Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI132 - Userdata persistence must be disallowed (Restricted Sites zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI320 - Internet Explorer must be configured to use machine settings. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI630 - Internet Explorer Processes for Restrict File Download must be enforced (Reserved). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI745 - Add-on performance notifications must be disallowed. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI755 - Browser Geolocation functionality must be disallowed. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI765 - Suggested Sites functionality must be disallowed. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI805 - ActiveX opt-in prompt must be disallowed. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI860 - When uploading files to a server, the local directory path must be excluded (Restricted Sites zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| WA230 A22 - The Web site software used with the web server must have all applicable security patches applied and documented. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WA00505 A22 - Web Distributed Authoring and Versioning (WebDAV) must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WA00510 A22 - Web server status module must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WA00525 W22 - User specific directories must not be globally enabled. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA00530 A22 - The process ID (PID) file must be properly secured - config | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WA00550 W22 - The TRACE method must be disabled. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA00555 A22 - The web server must be configured to listen on a specific IP address and port - 80 | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WA00555 W22 - The web server must be configured to listen on a specific IP address and port. - '0.0.0.0:80' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA00565 A22 - HTTP request methods must be limited - Deny | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WA00605 A22 - Error logging must be enabled. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | AUDIT AND ACCOUNTABILITY |
| WA00605 W22 - Error logging must be enabled. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | AUDIT AND ACCOUNTABILITY |
| WA00615 W22 - System logging must be enabled. - 'ErrorLog' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | AUDIT AND ACCOUNTABILITY |
| WA00615 W22 - System logging must be enabled. - 'log_config_module' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA00620 W22 - The LogLevel directive must be enabled. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | AUDIT AND ACCOUNTABILITY |
| WG140 A22 - Private web servers must require certificates issued from a DoD-authorized Certificate Authority. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG220 W22 - Web administration tools must be restricted to the web manager and the web manager's designees. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG237 A22 - Remote authors or content providers must have all files scanned for viruses and malicious code before uploading files to the Document Root directory. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WG237 W22 - Remote authors or content providers must have all files scanned for malware before uploading files to the Document Root directory. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WG240 A22 - Logs of web server access and errors must be established and maintained | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | AUDIT AND ACCOUNTABILITY |
| WG242 W22 - Log file data must contain required data elements. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | AUDIT AND ACCOUNTABILITY |
| WG250 A22 - Log file access must be restricted to System Administrators, Web Administrators or Auditors. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - apache | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - apache/* | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - cgi_bin | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - logs | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - logs/* | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\system32\inetsrv\data' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\system32\inetsrv\MBSchema.bin.00000000h | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\system32\inetsrv\metabase.bin | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG300 W22 - Web server system files must conform to minimum file permission requirements. - 'ServerRoot' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG310 W22 - A web site must not contain a robots.txt file. - 'Alias' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG340 IIS6 - A private web server must utilize an approved TLS version. - 'TLS 1.0\Client' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG340 IIS6 - A private web server must utilize an approved TLS version. - 'TLS 1.0\Server' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - 'SSL 3.0 Client' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - 'TLS 1.0 Client' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG370 A22 - MIME types for csh or sh shell programs must be disabled - Action | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WG400 A22 - All interactive programs (CGI) must be placed in a designated directory with appropriate permissions. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | ACCESS CONTROL |
| WG400 W22 - All interactive programs must be placed in a designated directory with appropriate permissions. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG470 IIS6 - Wscript.exe and Cscript.exe must not be accessible by users other than the SA and Web Manager. - 'wscript.exe' | DISA STIG IIS 6.0 Server v6r16 | Windows | ACCESS CONTROL |
