| 2.1 Collect system configuration regularly | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 2.2 Scan for TROJAN aka Untrusted/Unauthorized Applications (Implement Allowlist) | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.3 Allowlist Authorized Software and Report Violations - CHKEXEC | CONFIGURATION MANAGEMENT |
| 2.3 Allowlist Authorized Software and Report Violations - kern.info | CONFIGURATION MANAGEMENT |
| 2.3 Allowlist Authorized Software and Report Violations - TE | CONFIGURATION MANAGEMENT |
| 2.4 Allowlist Authorized Libraries and Report Violations - CHKKERNEXT | CONFIGURATION MANAGEMENT |
| 2.4 Allowlist Authorized Libraries and Report Violations - CHKSHLIB | CONFIGURATION MANAGEMENT |
| 2.4 Allowlist Authorized Libraries and Report Violations - kern.info | CONFIGURATION MANAGEMENT |
| 2.4 Allowlist Authorized Libraries and Report Violations - TE | CONFIGURATION MANAGEMENT |
| 2.5 Allowlist Authorized Scripts and Report Violations - CHKSCRIPT | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.5 Allowlist Authorized Scripts and Report Violations - kern.info | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.7 Remove Unused Symbolic Links | CONFIGURATION MANAGEMENT |
| 3.3 Ensure default user umask is 027 or more restrictive | ACCESS CONTROL, MEDIA PROTECTION |
| 3.4 Remove group write permission from default groups - exceptions must be in TSD and audit | ACCESS CONTROL, MEDIA PROTECTION |
| 3.5 Application Data with requirement for world writable directories | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure there are no world writable files - exceptions must be in TSD and audit | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7 Ensure there are no 'staff' writable files - exceptions must be in TSD and audit | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure all files and directories are owned by a user (uid) and assigned to a group (gid) | MEDIA PROTECTION |
| 4.1.1.1 Disable writesrv | CONFIGURATION MANAGEMENT |
| 4.1.1.2 Disable ntalk/talk | CONFIGURATION MANAGEMENT |
| 4.1.1.3 dt | CONFIGURATION MANAGEMENT |
| 4.1.1.4 piobe | CONFIGURATION MANAGEMENT |
| 4.1.1.5 qdaemon | CONFIGURATION MANAGEMENT |
| 4.1.1.6 rc.nfs | CONFIGURATION MANAGEMENT |
| 4.1.1.7 cas_agent | CONFIGURATION MANAGEMENT |
| 4.1.2.1 inetd - aka Super Daemon - aka Super Daemon | CONFIGURATION MANAGEMENT |
| 4.1.2.2 aixmibd | CONFIGURATION MANAGEMENT |
| 4.1.2.3 dhcpcd | CONFIGURATION MANAGEMENT |
| 4.1.2.4 dhcprd | CONFIGURATION MANAGEMENT |
| 4.1.2.5 dhcpsd | CONFIGURATION MANAGEMENT |
| 4.1.2.6 dpid2 | CONFIGURATION MANAGEMENT |
| 4.1.2.7 gated | CONFIGURATION MANAGEMENT |
| 4.1.2.8 hostmibd | CONFIGURATION MANAGEMENT |
| 4.1.2.10 named | CONFIGURATION MANAGEMENT |
| 4.1.2.11 portmap | CONFIGURATION MANAGEMENT |
| 4.1.2.12 routed | CONFIGURATION MANAGEMENT |
| 4.1.2.13 rwhod | CONFIGURATION MANAGEMENT |
| 4.1.2.14 sendmail | CONFIGURATION MANAGEMENT |
| 4.1.2.15 snmpd | CONFIGURATION MANAGEMENT |
| 4.1.2.16 snmpmibd | CONFIGURATION MANAGEMENT |
| 4.1.2.17 timed | CONFIGURATION MANAGEMENT |
| 4.1.3.1 autoconf6 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 4.1.3.2 ndpd-host | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 4.1.3.3 ndpd-router | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 4.1.4.1 NFS - de-install NFS client | CONFIGURATION MANAGEMENT |
| 4.1.4.3 NFS - enable both nosuid and nodev options on NFS client mounts - nodev | ACCESS CONTROL |
| 4.1.4.3 NFS - enable both nosuid and nodev options on NFS client mounts - nosuid | ACCESS CONTROL |
| 4.1.4.4 NFS - localhost removal - localhost removal | CONFIGURATION MANAGEMENT |
| 4.1.4.6 NFS - no_root_squash option | ACCESS CONTROL |
| 4.1.5.1 bootps | CONFIGURATION MANAGEMENT |
