As part of 10.1.13 release, the following Apache Tomcat STIGs have been addressed in NCM.
V-214287 : Only authenticated system administrators or the designated PKI Sponsor for the Apache web server must have access to the Apache web servers private key.