| 2.3 Ensure default user umask is 027 or more restrictive | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.4 Ensure there are no 'other' writable objects | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.1.4 qdaemon | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.1.6 cas_agent | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.2.1 Disable ntalk/talk/write - inetd | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.5.2 chargen | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.5.10 imap2 | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.5.16 ntalk | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.5.26 xmquery | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.5.31 uucp | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.5 CDE - sgid/suid binary lockdown - /usr/dt/bin/dtprintinfo | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.9 CDE - /etc/dt/config/Xconfig permissions and ownership - /etc/dt/config/Xconfig permissions and ownership | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3.3 directed_broadcast | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.4 icmpaddressmask | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.5 ipforwarding | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.6 ipignoreredirects | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.12 nfs_use_reserved_ports - portcheck | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.13 nonlocsrcroute | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.14 sockthresh | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.15 tcp_pmtu_discover | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1 /etc/security/login.cfg - logintimeout - logintimeout | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL |
| 3.6.1.3 OpenSSH - Banner - banner text | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL |
| 3.6.1.4 Ensure SSH IgnoreRhosts is enabled | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.6.1.7 Configuring SSH - removal of .shosts files | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.6.1.13 Ignore user-provided environment variables | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.6.2.2 /etc/mail/sendmail.cf - permissions and ownership | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6.3.1 FTPD: Prevent world access and group write to files | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7.1.1 Ensure all directories in root PATH deny write access to all | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7.2.8 /etc/ssh/ssh_config | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7.2.10 /var/adm/cron/at.allow | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7.2.15 /var/tmp/hostmibd.log | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure root access is controlled - rlogin | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure root access is controlled - sugroups | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.11 Remove current working directory from default /etc/environment PATH | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.13 Lock historical users | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.1.1 All accounts must have a hashed password | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.1.3 All group id's must be unique | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL |
| 4.2.4 maxexpired | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL |
| 4.2.7 minalpha | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.2.9 mindigit | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.2.10 minlen | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.2.14 minupperalpha | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.3.1 adm | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.3.2 bin | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.3.3 daemon | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| 4.3.4 guest | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.3.7 nuucp | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.3.10 Ensure System Accounts cannot access system using ftp. | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.6 Adding authorised users in cron.allow | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL |
| 6.1.1 Configuring syslog - local logging - auth.info in /etc/syslog.conf | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
