| 1.3.3.2 Ensure SSH client and server packages are installed on AIX 7.2 | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.4.1 Ensure Secure by Default is selected during the installation | CONFIGURATION MANAGEMENT |
| 2.1 Ensure system configuration is documented and verified regularly | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 2.2 Ensure system Microcode Discovery Service (MDS) is performed regularly | CONFIGURATION MANAGEMENT |
| 2.5 Ensure Unauthorized Applications are reported | CONFIGURATION MANAGEMENT |
| 2.8 Ensure unused symbolic links are removed | CONFIGURATION MANAGEMENT |
| 3.1 Ensure default user umask is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2 Ensure world writable directories have the SVTX bit set | ACCESS CONTROL, MEDIA PROTECTION |
| 3.4 Ensure world writable files are secured | ACCESS CONTROL, MEDIA PROTECTION |
| 3.5 Ensure there are no group staff writable files | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure no files or directories without an owner and a group exist | MEDIA PROTECTION |
| 4.1.1.1 Ensure access on root user smit.log is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.2 Ensure access on /etc/group is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.3 Ensure access on /etc/inetd.conf is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.4 Ensure access on /etc/motd is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.5 Ensure access on /etc/passwd is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.6 Ensure /etc/mail/submit.cf access is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.7 Ensure access to /etc/ssh/ssh_banner is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.8 Ensure access on /etc/ssh/ssh_config is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.9 Ensure access on /etc/ssh/sshd_config is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.10 Ensure access on /var/adm/cron/at.allow is configured | ACCESS CONTROL |
| 4.1.1.11 Ensure access on /var/adm/cron/cron.allow is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.12 Ensure access on /var/adm/cron/log is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.13 Ensure access on /var/ct/RMstart.log is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.14 Ensure access on /var/tmp/dpid2.log is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.15 Ensure access on /var/tmp/hostmibd.log is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.16 Ensure access on /var/tmp/snmpd.log is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.17 Ensure crontab is restricted to authorized users | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.18 Ensure Home directory configuration file access is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.19 Ensure SUID and SGID files are reviewed | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.1 Ensure local user Home directories exists | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.2 Ensure Home directories access is configured | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1.2.3 Ensure Home directory write access is restricted to owner | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.4 Ensure access on /audit and /etc/security/audit is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.5 Ensure access to /etc/security is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.6 Ensure access on /var/adm/ras is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.7 Ensure access on /var/adm/sa is configured | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1.2.8 Ensure access on /var/spool/cron/crontabs is configured | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1.2.9 Ensure all directories in root PATH access is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.10 Ensure root user has a dedicated home directory | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.1 Ensure sendmail is not in use | CONFIGURATION MANAGEMENT |
| 4.2.2 Ensure NIS client is not installed | CONFIGURATION MANAGEMENT |
| 4.2.3 Ensure NIS server services are not in use | CONFIGURATION MANAGEMENT |
| 4.2.4 Ensure legacy NIS markers are removed | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.7 Ensure legacy remote daemon support is not available | CONFIGURATION MANAGEMENT |
| 4.2.8 Ensure snmpd is not installed | CONFIGURATION MANAGEMENT |
| 4.3.1.1 Ensure writesrv service is not in use | CONFIGURATION MANAGEMENT |
| 4.3.1.2 Ensure dt service is not in use | CONFIGURATION MANAGEMENT |
| 4.3.1.3 Ensure piobe service is not in use | CONFIGURATION MANAGEMENT |
| 4.3.1.4 Ensure qdaemon service is not in use | CONFIGURATION MANAGEMENT |
