| 1.1 JBoss Enterprise Application Platform should be a vendor supported version | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
| 1.1/1.2 - JBoss Enterprise Application Platform/Ensure Java Runtime Environment in use is a supported version | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
| 1.23 snmp-adaptor.sar must not be deployed - 'JBOSS_HOME/server/@PROFILE@/deploy/snmp-adaptor.sar' | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
| 1.290 - The system must not have accounts configured with blank or null passwords - password-auth | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.440 - The system must not allow an unattended or automatic logon to the system via a graphical user interface. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.450 - The system must not allow an unrestricted logon to the system. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.480 - systems prior to version 7.2 with a Basic Input/Output System (BIOS) must require authentication upon booting into single-user and maintenance modes - password | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.480 - systems prior to version 7.2 with a Basic Input/Output System (BIOS) must require authentication upon booting into single-user and maintenance modes - superusers | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.482 - systems version 7.2 or newer with a Basic Input/Output System (BIOS) must require authentication upon booting into single-user and maintenance modes - password | Tenable Fedora Linux Best Practices v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.482 - systems version 7.2 or newer with a Basic Input/Output System (BIOS) must require authentication upon booting into single-user and maintenance modes - superusers | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.490 - systems prior to version 7.2 using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes - password | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.490 - systems prior to version 7.2 using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes - superusers | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.491 - systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes - password | Tenable Fedora Linux Best Practices v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.491 - systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes - superusers | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.1 Ensure JMX Console is either secured or removed - 'java:/jaas/jmx-console = true' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.1 Ensure JMX Console is either secured or removed - 'java:/jaas/jmx-console = true' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.1 Ensure JMX Console is either secured or removed - 'java:/jaas/jmx-console = true' - jmx-console.war | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
| 3.2 Ensure Web Console is either secured or removed - 'java:/jaas/jmx-console = true' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.2 Ensure Web Console is either secured or removed - 'JBOSS_HOME/server/@PROFILE@/deploy/admin-console.war' | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
| 3.3 Ensure Admin Console is either secured or removed | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.3 Ensure Admin Console is either secured or removed - 'java:/jaas/jmx-console = true' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.3 Ensure Admin Console is either secured or removed - 'JBOSS_HOME/server/@PROFILE@/deploy/management' | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
| 3.4 The JMXInvokerServlet servlet must be secured against web attacks | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.4 The JMXInvokerServlet servlet must be secured against web attacks - 'http-method,'POST' = false' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.4 The JMXInvokerServlet servlet must be secured against web attacks - 'http-method,GET = false' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.5 JMXInvokerServlet configuration - 'usersProperties = props/jmx-console-users.properties' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.5 JMXInvokerServlet servlet configuration - 'rolesProperties = props/jmx-console-roles.properties' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.5 The JMXInvokerServlet servlet must be configured to prevent unprivileged access using authentication | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.5 The JMXInvokerServlet servlet must be configured to prevent unprivileged access using authentication - 'java:/jaas/jmx-console = true' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.6 JMXInvokerServlet configuration - 'org.jboss.jmx.connector.invoker.RolesAuthorization = true' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.6 JMXInvokerServlet configuration - 'rolesProperties = props/jmx-console-roles.properties' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.6 JMXInvokerServlet configuration - 'usersProperties = props/jmx-console-users.properties' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.6 The JMXInvokerServlet servlet must be configured to prevent unprivileged access using authentication | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.2000 - The system must use a virus scan program. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.390 - The system must be configured so that the SSH daemon is configured to only use the SSHv2 protocol. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| NET0240 - Devices exist with standard default passwords | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET0240 - Devices exist with standard default passwords | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | |
| NET0240 - Network devices must not have any default manufacturer passwords. | DISA STIG Juniper Infrastructure Router V8R27 | Juniper | |
| NET0460 - Group accounts are defined | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | |
| NET0926 - IPv4 Bogon and Martian addresses are not blocked | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET0926 - IPv4 Bogon and Martian addresses are not blocked | DISA STIG Cisco Perimeter Router v8r32 | Cisco | |
| NET1665 - The network device must not use the default or well-known SNMP community strings public and private. | DISA STIG Cisco Firewall v8r24 | Cisco | |
| NET1970 - Firewall software has been upgraded to mitigate the risk of DNS cache poisoning attack caused by a flawed PAT implementation | DISA STIG Cisco Firewall v8r25 | Cisco | |
| OSX00160 - Install an antivirus tool | DISA STIG Apple Mac OSX 10.5 v1r2 | Unix | |
| WA155 - Classified web servers will be afforded physical security commensurate with the classification of its content. | DISA IIS 7.0 Web Server v1r19 | Windows | |
| WA155 W22 - Classified web servers will be afforded physical security commensurate with the classification of its content. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WG190 A22 - Web server software must be a vendor-supported version. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WG200 IIS6 - Non-administrators must not be allowed access to the directory tree, the shell, or other utilities. - 'command.com' | DISA STIG IIS 6.0 Server v6r16 | Windows | |
| WG200 W22 - Administrators must be the only users allowed access to the directory tree, the shell, or other operating system functions and utilities. - 'System32\command.com' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WG235 W22 - Web Administrators must only use encrypted connections for Document Root directory uploads. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | |
