| AZLX-23-000100 - Amazon Linux 2023 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-000110 - Amazon Linux 2023 must ensure cryptographic verification of vendor software packages. | CONFIGURATION MANAGEMENT |
| AZLX-23-000115 - Amazon Linux 2023 must check the GPG signature of locally installed software packages before installation. | CONFIGURATION MANAGEMENT |
| AZLX-23-000120 - Amazon Linux 2023 must check the GPG signature of software packages originating from external software repositories before installation. | CONFIGURATION MANAGEMENT |
| AZLX-23-000125 - Amazon Linux 2023 must have GPG signature verification enabled for all software repositories. | CONFIGURATION MANAGEMENT |
| AZLX-23-000130 - Amazon Linux 2023 must be a vendor-supported release. | SYSTEM AND INFORMATION INTEGRITY |
| AZLX-23-000135 - Amazon Linux 2023 systemd-journald service must be enabled. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-000200 - Amazon Linux 2023 must restrict access to the kernel message buffer. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-000205 - Amazon Linux 2023 must prevent kernel profiling by nonprivileged users. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-000210 - Amazon Linux 2023 must restrict exposed kernel pointer addresses access. | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| AZLX-23-000215 - Amazon Linux 2023 must disable access to network bpf system call from nonprivileged processes. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-000220 - Amazon Linux 2023 must restrict usage of ptrace to descendant processes. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-000225 - Amazon Linux 2023 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution. | SYSTEM AND INFORMATION INTEGRITY |
| AZLX-23-000300 - Amazon Linux 2023 must not have the vsftpd package installed. | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AZLX-23-000305 - Amazon Linux 2023 must not have the sendmail package installed. | CONFIGURATION MANAGEMENT |
| AZLX-23-000310 - Amazon Linux 2023 must not have the nfs-utils package installed. | CONFIGURATION MANAGEMENT |
| AZLX-23-000315 - Amazon Linux 2023 must not have the telnet-server package installed. | CONFIGURATION MANAGEMENT |
| AZLX-23-000320 - Amazon Linux 2023 must not have the gssproxy package installed. | CONFIGURATION MANAGEMENT |
| AZLX-23-001000 - Amazon Linux 2023 must have the sudo package installed. | ACCESS CONTROL |
| AZLX-23-001005 - Amazon Linux 2023 must not be configured to bypass password requirements for privilege escalation. | ACCESS CONTROL |
| AZLX-23-001010 - Amazon Linux 2023 must require reauthentication when using the "sudo" command. | IDENTIFICATION AND AUTHENTICATION |
| AZLX-23-001015 - Amazon Linux 2023 must require users to reauthenticate for privilege escalation. | IDENTIFICATION AND AUTHENTICATION |
| AZLX-23-001020 - Amazon Linux 2023 must require users to provide a password for privilege escalation. | CONFIGURATION MANAGEMENT |
| AZLX-23-001025 - Amazon Linux 2023 must have the audit package installed. | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| AZLX-23-001030 - Amazon Linux 2023 must produce audit records containing information to establish what type of events occurred. | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| AZLX-23-001035 - Amazon Linux 2023 audispd-plugins package must be installed. | AUDIT AND ACCOUNTABILITY |
| AZLX-23-001040 - Amazon Linux 2023 must have the rsyslog package installed. | AUDIT AND ACCOUNTABILITY |
| AZLX-23-001045 - Amazon Linux 2023 must monitor remote access methods. | ACCESS CONTROL |
| AZLX-23-001050 - Amazon Linux 2023 must have the chrony package installed. | AUDIT AND ACCOUNTABILITY |
| AZLX-23-001055 - Amazon Linux 2023 chronyd service must be enabled. | AUDIT AND ACCOUNTABILITY |
| AZLX-23-001060 - Amazon Linux 2023 must have the Advanced Intrusion Detection Environment (AIDE) package installed. | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| AZLX-23-001065 - Amazon Linux 2023 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered. | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| AZLX-23-001070 - Amazon Linux 2023 must use cryptographic mechanisms to protect the integrity of audit tools. | AUDIT AND ACCOUNTABILITY |
| AZLX-23-001075 - Amazon Linux 2023 must have the firewalld package installed. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AZLX-23-001080 - Amazon Linux 2023 must have the firewalld servicew active. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AZLX-23-001085 - Amazon Linux 2023 must be configured to disable nonessential capabilities. | CONFIGURATION MANAGEMENT |
| AZLX-23-001090 - Amazon Linux 2023 must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial-of-service (DoS) attacks. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-001095 - Amazon Linux 2023 must have the s-nail package installed. | CONFIGURATION MANAGEMENT |
| AZLX-23-001105 - Amazon Linux 2023 must have the libreswan package installed. | IDENTIFICATION AND AUTHENTICATION |
| AZLX-23-001110 - Amazon Linux 2023 must have the policycoreutils package installed. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-001115 - Amazon Linux 2023 must have the pcsc-lite package installed. | IDENTIFICATION AND AUTHENTICATION |
| AZLX-23-001120 - Amazon Linux 2023 must have the packages required for encrypting off-loaded audit logs installed. | IDENTIFICATION AND AUTHENTICATION |
| AZLX-23-001125 - Amazon Linux 2023 must have the opensc package installed. | IDENTIFICATION AND AUTHENTICATION |
| AZLX-23-001130 - Amazon Linux 2023 must have the openssl-pkcs11 package installed. | IDENTIFICATION AND AUTHENTICATION |
| AZLX-23-001180 - Amazon Linux 2023 must have SSH installed. | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-001185 - Amazon Linux 2023 must implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission. | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-001195 - Amazon Linux 2023 must have the crypto-policies package installed. | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-001200 - Amazon Linux 2023 SSH server must be configured to use systemwide crypto policies. | ACCESS CONTROL |
| AZLX-23-001205 - Amazon Linux 2023 server must be configured to use only DOD-approved encryption ciphers employing FIPS 140-2/140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | ACCESS CONTROL |
| AZLX-23-001210 - Amazon Linux 2023 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-2/140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | ACCESS CONTROL |
