| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CIS Apache Tomcat 8 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CIS Apache Tomcat 10.1 v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CIS Apache Tomcat 10 L2 v1.1.0 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CIS Apache Tomcat 7 L2 v1.1.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_Apache_Tomcat_9_L1_v1.2.0_Middleware.audit from CIS Apache Tomcat 9 Benchmark | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | |
| CIS_Apache_Tomcat_9_L1_v1.2.0.audit from CIS Apache Tomcat 9 Benchmark | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | |
| CIS_Apache_Tomcat_9_L2_v1.2.0_Middleware.audit from CIS Apache Tomcat 9 Benchmark | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | |
| CIS_Apache_Tomcat_9_L2_v1.2.0.audit from CIS Apache Tomcat 9 Benchmark | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | |
| DISA_IIS_8.5_Web_Server_v2r7.audit from DISA Microsoft IIS 8.5 Server v2r7 STIG | DISA IIS 8.5 Server v2r7 | Windows | |
| DISA_IIS_8.5_Web_Site_v2r9.audit from DISA Microsoft IIS 8.5 Site v2r9 STIG | DISA IIS 8.5 Site v2r9 | Windows | |
| DISA_STIG_Apache_Server-2.2_Unix_v1r11_Middleware.audit from DISA Apache 2.2 Unix STIG v1r11 | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| DISA_STIG_Apache_Server-2.2_Windows_v1r13.audit from DISA APACHE 2.2 Server for Windows v1r13 STIG | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| DISA_STIG_Apache_Server-2.4_Unix_v3r1_Middleware.audit from DISA Apache Server 2.4 UNIX Server v3r1 STIG | DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware | Unix | |
| DISA_STIG_Apache_Server-2.4_Unix_v3r1.audit from DISA Apache Server 2.4 UNIX Server v3r1 STIG | DISA STIG Apache Server 2.4 Unix Server v3r1 | Unix | |
| DISA_STIG_Apache_Server-2.4_Windows_v2r3.audit from DISA Apache Server 2.4 Windows Server v2r3 STIG | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | |
| DISA_STIG_Apache_Server-2.4_Windows_v3r1.audit from DISA Apache Server 2.4 Windows Server v3r1 STIG | DISA STIG Apache Server 2.4 Windows Server v3r1 | Windows | |
| DISA_STIG_Apache_Site-2.2_Unix_v1r11_Middleware.audit from DISA Apache 2.2 Unix STIG v1r11 | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | |
| DISA_STIG_Apache_Site-2.4_Unix_v2r4_Middleware.audit from DISA Apache Server 2.4 UNIX Site v2r4 STIG | DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware | Unix | |
| DISA_STIG_Apache_Site-2.4_Unix_v2r4.audit from DISA Apache Server 2.4 UNIX Site v2r4 STIG | DISA STIG Apache Server 2.4 Unix Site v2r4 | Unix | |
| DISA_STIG_Apache_Site-2.4_Windows_v2r1.audit from DISA Apache Server 2.4 Windows Site v2r1 STIG | DISA STIG Apache Server 2.4 Windows Site v2r1 | Windows | |
| DISA_STIG_Apache_Tomcat_Application_Server_9_v3r1_Middleware.audit from DISA Apache Tomcat Application Server 9 v3r1 STIG | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | |
| DISA_STIG_Microsoft_Windows_2012_Server_DNS_v2r7.audit from DISA Microsoft Windows 2012 Server Domain Name System v2r7 STIG | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | |
| DISA_STIG_MSSQL_2012_Database_v1r20.audit from DISA Microsoft SQL Server Instance 2012 v1r20 STIG | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | |
| DISA_STIG_MSSQL_2012_Instance-DB_v1r20.audit from DISA Microsoft SQL Server Instance 2012 v1r20 STIG | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | |
| DISA_STIG_Oracle_Linux_6_v2r7.audit from DISA Oracle Linux 6 v2r7 STIG | DISA STIG Oracle Linux 6 v2r7 | Unix | |
| DISA_STIG_VMware_vSphere_6.7_Perfcharts_Tomcat_v1r3.audit from DISA VMware vSphere 6.7 Perfcharts Tomcat v1r3 STIG | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | |
| DISA_STIG_VMware_vSphere_6.7_STS_Tomcat_v1r3.audit from DISA VMware vSphere 6.7 STS Tomcat v1r3 STIG | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | |
| DISA_STIG_VMware_vSphere_6.7_UI_Tomcat_v1r3.audit from DISA VMware vSphere 6.7 UI Tomcat v1r3 STIG | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | |
| JMX process not found | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | |
| TCAT-AS-000010 - The number of allowed simultaneous sessions to the manager application must be limited. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | ACCESS CONTROL |
| TCAT-AS-000020 - Secured connectors must be configured to use strong encryption ciphers. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | ACCESS CONTROL |
| TCAT-AS-000090 - DefaultServlet must be set to readonly for PUT and DELETE. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | ACCESS CONTROL |
| TCAT-AS-000110 - The Java Security Manager must be enabled. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | ACCESS CONTROL |
| TCAT-AS-000170 - Tomcat servers behind a proxy or load balancer must log client IP. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| TCAT-AS-000240 - Date and time of events must be logged. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| TCAT-AS-000470 - Stack tracing must be disabled. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
| TCAT-AS-000580 - Documentation must be removed. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
| TCAT-AS-000600 - Tomcat management applications must use LDAP realm authentication. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-000630 - TLS must be enabled on JMX. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-000700 - DOD root CA certificates must be installed in Tomcat trust store. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-000970 - Idle timeout for the management application must be set to 10 minutes. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | ACCESS CONTROL |
| TCAT-AS-001060 - Tomcat user account must be a non-privileged user. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | ACCESS CONTROL |
| TCAT-AS-001080 - Application user name must be logged. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | ACCESS CONTROL |
| TCAT-AS-001320 - Multifactor certificate-based tokens (CAC) must be used when accessing the management interface. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-001700 - Tomcat users in a management role must be approved by the ISSO. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
