| DISA_STIG_Red_Hat_Enterprise_Linux_10_v1r1.audit from DISA Red Hat Enterprise Linux 10 STIG v1r1 | |
| RHEL-10-000500 - RHEL 10 must enable FIPS mode. | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-000510 - RHEL 10 must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information on local disk partitions that requires at-rest protection. | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-000520 - RHEL 10 must use a separate file system for the system audit data path. | AUDIT AND ACCOUNTABILITY |
| RHEL-10-000530 - RHEL 10 must use a separate file system for user home directories (such as "/home" or an equivalent). | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-000540 - RHEL 10 must use a separate file system for "/tmp". | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-000550 - RHEL 10 must use a separate file system for "/var". | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-000560 - RHEL 10 must use a separate file system for "/var/log". | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-000570 - RHEL 10 must use a separate file system for "/var/tmp". | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-001000 - RHEL 10 must be a vendor-supported release. | SYSTEM AND SERVICES ACQUISITION |
| RHEL-10-001020 - RHEL 10 must ensure cryptographic verification of vendor software packages. | CONFIGURATION MANAGEMENT |
| RHEL-10-001030 - RHEL 10 must check the GNU Privacy Guard (GPG) signature of software packages originating from external software repositories before installation. | CONFIGURATION MANAGEMENT |
| RHEL-10-001040 - RHEL 10 must check the GNU Privacy Guard (GPG) signature of locally installed software packages before installation. | CONFIGURATION MANAGEMENT |
| RHEL-10-001050 - RHEL 10 must have GNU Privacy Guard (GPG) signature verification enabled for all software repositories. | CONFIGURATION MANAGEMENT |
| RHEL-10-200000 - RHEL 10 must remove all software components after updated versions have been installed. | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-10-200010 - RHEL 10 must not have the "nfs-utils" package installed. | CONFIGURATION MANAGEMENT |
| RHEL-10-200020 - RHEL 10 must not have the "telnet-server" package installed. | CONFIGURATION MANAGEMENT |
| RHEL-10-200030 - RHEL 10 must not have the "gssproxy" package installed. | CONFIGURATION MANAGEMENT |
| RHEL-10-200040 - RHEL 10 must not have the tuned package installed. | CONFIGURATION MANAGEMENT |
| RHEL-10-200050 - RHEL 10 must not have a Trivial File Transfer Protocol (TFTP) server package installed unless it is required by the mission, and if required, the TFTP daemon must be configured to operate in secure mode. | CONFIGURATION MANAGEMENT |
| RHEL-10-200060 - RHEL 10 must not have the unbound package installed. | CONFIGURATION MANAGEMENT |
| RHEL-10-200070 - RHEL 10 must not have the "tftp" package installed. | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-200080 - RHEL 10 must not have the "gdm" package installed. | CONFIGURATION MANAGEMENT |
| RHEL-10-200090 - RHEL 10 must not have a File Transfer Protocol (FTP) server package installed. | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-200500 - RHEL 10 must have the "subscription-manager" package installed. | CONFIGURATION MANAGEMENT |
| RHEL-10-200510 - RHEL 10 must have the "nss-tools" package installed. | CONFIGURATION MANAGEMENT |
| RHEL-10-200520 - RHEL 10 must have the "s-nail" package installed. | CONFIGURATION MANAGEMENT |
| RHEL-10-200530 - RHEL 10 must have the "firewalld" package installed. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| RHEL-10-200531 - RHEL 10 must have the "firewalld" service set to active. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| RHEL-10-200532 - RHEL 10 must employ a deny-all, allow-by-exception policy for allowing connections to other systems. | ACCESS CONTROL |
| RHEL-10-200540 - RHEL 10 must have the "chrony" package installed. | AUDIT AND ACCOUNTABILITY |
| RHEL-10-200541 - RHEL 10 must enable the chronyd service. | AUDIT AND ACCOUNTABILITY |
| RHEL-10-200542 - RHEL 10 must disable the chrony daemon from acting as a server. | CONFIGURATION MANAGEMENT |
| RHEL-10-200543 - RHEL 10 must disable network management of the chrony daemon. | CONFIGURATION MANAGEMENT |
| RHEL-10-200560 - RHEL 10 must have the USBGuard package installed. | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-200561 - RHEL 10 must have the USBGuard package enabled. | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-200562 - RHEL 10 must block unauthorized peripherals before establishing a connection. | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-200563 - RHEL 10 must enable audit logging for the USBGuard daemon. | AUDIT AND ACCOUNTABILITY |
| RHEL-10-200570 - RHEL 10 must have the "policycoreutils" package installed. | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-200580 - RHEL 10 must have the "policycoreutils-python-utils" package installed. | CONFIGURATION MANAGEMENT |
| RHEL-10-200590 - RHEL 10 must have the "sudo" package installed. | ACCESS CONTROL |
| RHEL-10-200600 - RHEL 10 must have the "fapolicy" module installed. | CONFIGURATION MANAGEMENT |
| RHEL-10-200601 - RHEL 10 must enable the "fapolicy" module. | CONFIGURATION MANAGEMENT |
| RHEL-10-200602 - RHEL 10 must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs. | CONFIGURATION MANAGEMENT |
| RHEL-10-200610 - RHEL 10 must have the "pcsc-lite" package installed. | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-200611 - RHEL 10 must have the "pcscd" service set to active. | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-200612 - RHEL 10 must have the "pcsc-lite-ccid" package installed. | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-200620 - RHEL 10 must have the "opensc" package installed. | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-200621 - RHEL 10 must use the common access card (CAC) smart card driver. | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-200630 - RHEL 10 must have the Advanced Intrusion Detection Environment (AIDE) package installed. | SYSTEM AND INFORMATION INTEGRITY |
