| SRG-APP-000141-API-000240 | V1R1 | API keys must be configured with usage restrictions. | Security Requirements Guide - API |
| SRG-APP-000141-API-000245 | V1R1 | The API must limit the exposure of endpoints. | Security Requirements Guide - API |
| SRG-APP-000141-CTR-000315 | V2R4 | The container platform must be configured with only essential configurations. | Security Requirements Guide - Container Platform |
| SRG-APP-000141-CTR-000320 | V2R4 | The container platform registry must contain only container images for those capabilities being offered by the container platform. | Security Requirements Guide - Container Platform |
| SRG-APP-000141-MFP-000200 | V3R4 | The Mainframe Product must be configured to disable non-essential capabilities. | Security Requirements Guide - Mainframe Product |
| SRG-APP-000141-WSR-000015 | V4R4 | The web server must not perform user management for hosted applications. | Security Requirements Guide - Web Server |
| SRG-APP-000141-WSR-000075 | V4R4 | The web server must only contain services and functions necessary for operation. | Security Requirements Guide - Web Server |
| SRG-APP-000141-WSR-000076 | V4R4 | The web server must not be a proxy server. | Security Requirements Guide - Web Server |
| SRG-APP-000141-WSR-000077 | V4R4 | The web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials. | Security Requirements Guide - Web Server |
| SRG-APP-000141-WSR-000078 | V4R4 | Web server accounts not utilized by installed features (i.e., tools, utilities, specific services, etc.) must not be created and must be deleted when the web server feature is uninstalled. | Security Requirements Guide - Web Server |
| SRG-APP-000141-WSR-000080 | V4R4 | The web server must provide install options to exclude installation of utility programs, services, plug-ins, and modules not necessary for operation. | Security Requirements Guide - Web Server |
| SRG-APP-000141-WSR-000081 | V4R4 | The web server must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled. | Security Requirements Guide - Web Server |
| SRG-APP-000141-WSR-000082 | V4R4 | The web server must allow the mappings to unused and vulnerable scripts to be removed. | Security Requirements Guide - Web Server |
| SRG-APP-000141-WSR-000083 | V4R4 | The web server must have resource mappings set to disable the serving of certain file types. | Security Requirements Guide - Web Server |
| SRG-APP-000141-WSR-000085 | V4R4 | The web server must have Web Distributed Authoring (WebDAV) disabled. | Security Requirements Guide - Web Server |
| SRG-APP-000141-WSR-000086 | V4R4 | The web server must protect system resources and privileged operations from hosted applications. | Security Requirements Guide - Web Server |
| SRG-APP-000141-WSR-000087 | V4R4 | Users and scripts running on behalf of users must be contained to the document root or home directory tree of the web server. | Security Requirements Guide - Web Server |