| STIG ID | Version | Title | Product |
|---|---|---|---|
| SRG-APP-000223-WSR-000011 | V4R4 | Cookies exchanged between the web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating web server and hosted application. | Security Requirements Guide - Web Server |
| SRG-APP-000223-WSR-000145 | V4R4 | The web server must accept only system-generated session identifiers. | Security Requirements Guide - Web Server |