1.1.2 Ensure /tmp is configured - or equivalent.

800-53|CM-6b.

CCI|CCI-000366

CSCv6|9.1

CSCv7|14.6

Rule-ID|SV-204496r603261_rule

STIG-ID|RHEL-07-021340

1.1.7 Ensure noexec option set on /dev/shm partition - fstab

800-53|CM-7(2)

CCI|CCI-001764

CSCv6|3.1

Rule-ID|SV-204486r603261_rule

STIG-ID|RHEL-07-021024

1.1.7 Ensure noexec option set on /dev/shm partition - mount

1.1.8 Ensure nodev option set on /dev/shm partition - fstab

1.1.8 Ensure nodev option set on /dev/shm partition - mount

1.1.9 Ensure nosuid option set on /dev/shm partition - fstab

1.1.9 Ensure nosuid option set on /dev/shm partition - mount

1.1.10 Ensure separate partition exists for /var

Rule-ID|SV-204494r603261_rule

STIG-ID|RHEL-07-021320

1.1.16 Ensure separate partition exists for /var/log/audit

CSCv6|6.3

CSCv7|6.4

Rule-ID|SV-204495r603261_rule

STIG-ID|RHEL-07-021330

1.1.19 Ensure nosuid is set on users' home directories.

Rule-ID|SV-204480r603838_rule

STIG-ID|RHEL-07-021000

1.1.22 Ensure nosuid option set on removable media partitions

Rule-ID|SV-204481r603261_rule

STIG-ID|RHEL-07-021010

1.1.23 Ensure noexec option is configured for NFS - NFS.

Rule-ID|SV-204483r603261_rule

STIG-ID|RHEL-07-021021

1.1.24 Ensure nosuid option is set for NFS - NFS.

Rule-ID|SV-204482r603261_rule

STIG-ID|RHEL-07-021020

1.1.26 Ensure all world-writable directories are group-owned.

Rule-ID|SV-204487r744106_rule

STIG-ID|RHEL-07-021030

800-53|IA-3

CCI|CCI-000778

CCI|CCI-001958

CSCv7|8.4

CSCv7|8.5

Rule-ID|SV-204451r603261_rule

STIG-ID|RHEL-07-020110

Rule-ID|SV-204449r603261_rule

STIG-ID|RHEL-07-020100

1.2.3 Ensure gpgcheck is globally activated - CA that is recognized and approved by the organization.

800-53|CM-5(3)

CCI|CCI-001749

CSCv7|3.4

Rule-ID|SV-204447r603261_rule

STIG-ID|RHEL-07-020050

1.2.6 Ensure software packages have been digitally signed by a Certificate Authority (CA) - CA that is recognized and approved by the organization.

CSCv7|3.5

Rule-ID|SV-204448r603261_rule

STIG-ID|RHEL-07-020060

1.2.7 Ensure removal of software components after update

800-53|SI-2(6)

CCI|CCI-002617

Rule-ID|SV-204452r603261_rule

STIG-ID|RHEL-07-020200

1.2.8 Ensure the version of the operating system is an active vendor supported release

CSCv7|2.2

Rule-ID|SV-204458r744100_rule

STIG-ID|RHEL-07-020250

800-53|CM-3(5)

CCI|CCI-001744

CSCv6|2.2

CSCv7|14.9

Rule-ID|SV-204445r603261_rule

STIG-ID|RHEL-07-020030

1.3.2 Ensure filesystem integrity is regularly checked - aide

Rule-ID|SV-204446r603261_rule

STIG-ID|RHEL-07-020040

1.3.2 Ensure filesystem integrity is regularly checked - cron

1.3.2 Ensure filesystem integrity is regularly checked - mail

1.3.3 Ensure AIDE is configured to verify ACLs - config

Rule-ID|SV-204498r603261_rule

STIG-ID|RHEL-07-021600

1.3.3 Ensure AIDE is configured to verify ACLs - installed

1.3.4 Ensure AIDE is configured to verify XATTRS - config

Rule-ID|SV-204499r603261_rule

STIG-ID|RHEL-07-021610

1.3.4 Ensure AIDE is configured to verify XATTRS - installed

1.3.5 Ensure AIDE is configured to use FIPS 140-2 - installed

Rule-ID|SV-204500r603261_rule

STIG-ID|RHEL-07-021620

1.3.5 Ensure AIDE is configured to use FIPS 140-2 - sha512

1.4.1 Ensure bootloader password is set - password efi grub

800-53|AC-3

CCI|CCI-000213

CSCv7|5.1

Rule-ID|SV-204436r603261_rule

Rule-ID|SV-204438r744095_rule

Rule-ID|SV-204439r603261_rule

Rule-ID|SV-204440r744098_rule

STIG-ID|RHEL-07-010490

1.4.1 Ensure bootloader password is set - password efi user

STIG-ID|RHEL-07-010491

1.4.1 Ensure bootloader password is set - password grub

STIG-ID|RHEL-07-010480

1.4.1 Ensure bootloader password is set - password user

STIG-ID|RHEL-07-010482

1.4.1 Ensure bootloader password is set - superusers efi

1.4.1 Ensure bootloader password is set - superusers grub

1.4.3 Ensure authentication required for single user mode

Rule-ID|SV-204437r603261_rule

STIG-ID|RHEL-07-010481

1.4.4 Ensure boot loader does not allow removable media

800-53|CM-3f.

800-53|CM-5(1)

800-53|CM-6c.

800-53|CM-11(2)

CCI|CCI-000318

CCI|CCI-000368

CCI|CCI-001812

CCI|CCI-001813

CCI|CCI-001814

Rule-ID|SV-204501r603261_rule

STIG-ID|RHEL-07-021700

1.4.5 Ensure version 7.2 or newer booted with a BIOS have a unique name for the grub superusers account

Rule-ID|SV-244557r744063_rule

STIG-ID|RHEL-07-010483

1.4.6 Ensure version 7.2 or newer booted with UEFI have a unique name for the grub superusers account - UEFI must have a unique name for the grub superusers account when booting into single-user mode and maintenance.

Rule-ID|SV-244558r744066_rule

STIG-ID|RHEL-07-010492

1.5.3 Ensure address space layout randomization (ASLR) is enabled - config

CSCv7|8.3

Rule-ID|SV-204584r603261_rule

STIG-ID|RHEL-07-040201

1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl

1.5.5 Ensure number of concurrent sessions is limited

800-53|AC-10

CCI|CCI-000054

Rule-ID|SV-204576r603261_rule

STIG-ID|RHEL-07-040000

1.5.6 Ensure the Ctrl-Alt-Delete key sequence is disabled - inactive

Rule-ID|SV-204455r603261_rule

STIG-ID|RHEL-07-020230

1.5.6 Ensure the Ctrl-Alt-Delete key sequence is disabled - target

1.5.7 Ensure kernel core dumps are disabled.

Rule-ID|SV-204492r603261_rule

STIG-ID|RHEL-07-021300

1.5.8 Ensure DNS is servers are configured - immutable

Rule-ID|SV-204608r603261_rule

STIG-ID|RHEL-07-040600

1.5.8 Ensure DNS is servers are configured - nameserver 1

1.5.8 Ensure DNS is servers are configured - nameserver 2

1.5.8 Ensure DNS is servers are configured - no dns

1.5.9 Ensure NIST FIPS-validated cryptography is configured - etc

800-53|AC-17(2)

800-53|SC-13

800-53|SC-28

800-53|SC-28(1)

CCI|CCI-000068

CCI|CCI-001199

CCI|CCI-002450

CCI|CCI-002476

CSCv7|14.4

CSCv7|18.5

Rule-ID|SV-204497r603261_rule

STIG-ID|RHEL-07-021350

1.5.9 Ensure NIST FIPS-validated cryptography is configured - grub

1.5.9 Ensure NIST FIPS-validated cryptography is configured - proc

1.5.9 Ensure NIST FIPS-validated cryptography is configured - rpm

1.6.1.3 Ensure SELinux policy is configured

800-53|AC-3(4)

800-53|SI-6a.

CCI|CCI-002165

CCI|CCI-002696

Rule-ID|SV-204454r754748_rule

STIG-ID|RHEL-07-020220

1.6.1.5 Ensure the SELinux mode is enforcing

Rule-ID|SV-204453r754746_rule

STIG-ID|RHEL-07-020210

1.6.1.9 Ensure non-privileged users are prevented from executing privileged functions

800-53|AC-6(10)

CCI|CCI-002235

CSCv7|4

Rule-ID|SV-204444r754744_rule

STIG-ID|RHEL-07-020020

1.6.1.10 Ensure system device files are labeled - device_t

Rule-ID|SV-204479r603261_rule

STIG-ID|RHEL-07-020900

1.6.1.10 Ensure system device files are labeled - unlabeled_t

1.7.3 Ensure the Standard Mandatory DoD Notice and Consent Banner are configured

800-53|AC-8a.

CCI|CCI-000048

Rule-ID|SV-204395r603261_rule

STIG-ID|RHEL-07-010050

1.7.8 Ensure the Standard Mandatory DoD Notice and Consent Banner are configured - issue

Detections

Analytics

Revision 1.13

Sep 19, 2023

Functional Update

Miscellaneous