| ALMA-09-001010 - AlmaLinux OS 9 must limit the number of concurrent sessions to ten for all accounts and/or account types. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-002880 - All AlmaLinux OS 9 remote access methods must be monitored. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-002990 - AlmaLinux OS 9 SSH client must be configured to use only encryption ciphers employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-003540 - The AlmaLinux OS 9 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-003870 - AlmaLinux OS 9 IP tunnels must use FIPS 140-3 approved cryptographic algorithms. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-004310 - AlmaLinux OS 9 must use the TuxCare ESU repository. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-004320 - AlmaLinux OS 9 must use the TuxCare FIPS packages and not the default encryption packages. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-007500 - AlmaLinux OS 9 must automatically lock an account when three unsuccessful logon attempts occur. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-007610 - AlmaLinux OS 9 must automatically lock the root account until the root account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-007720 - AlmaLinux OS 9 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-008160 - AlmaLinux OS 9 must maintain an account lock until the locked account is manually released by an administrator; and not automatically after a set time. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-008490 - AlmaLinux OS 9 must prevent users from disabling the Standard Mandatory DOD Notice and Consent Banner for graphical user interfaces. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-009590 - AlmaLinux OS 9 must check the GPG signature of software packages originating from external software repositories before installation. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-010140 - AlmaLinux OS 9 must prevent the loading of a new kernel for later execution. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-010910 - AlmaLinux OS 9 library files must be group-owned by root or a system account. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-011240 - AlmaLinux OS 9 must disable core dumps for all users. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-011570 - AlmaLinux OS 9 must disable core dump backtraces. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-011680 - AlmaLinux OS 9 must disable the kernel.core_pattern. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-011900 - AlmaLinux OS 9 cron configuration files directory must be owned by root. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-014320 - The graphical display manager must not be the default target on AlmaLinux OS 9 unless approved. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-016630 - AlmaLinux OS 9 /etc/shadow- file must be group-owned by root. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-017180 - AlmaLinux OS 9 /etc/shadow file must have mode 0000 to prevent unauthorized access. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-018280 - AlmaLinux OS 9 must be configured so that the file integrity tool verifies extended attributes. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-020590 - The AlmaLinux OS 9 SSH server configuration file must be owned by root. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-021800 - AlmaLinux OS 9 must enable hardening for the Berkeley Packet Filter (BPF) just-in-time (JIT) compiler. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-022900 - AlmaLinux OS 9 must prevent files with the setuid and setgid bit set from being executed on file systems that are used with removable media. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-023560 - AlmaLinux OS 9 must configure a DNS processing mode set be Network Manager. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-023670 - AlmaLinux OS 9 systems using Domain Name Servers (DNS) resolution must have at least two name servers configured. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-023780 - AlmaLinux OS 9 must prevent special devices on nonroot local partitions. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-025540 - AlmaLinux OS 9 must use a separate file system for /var/tmp. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-025650 - AlmaLinux OS 9 must disable virtual system calls. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-025760 - AlmaLinux OS 9 must use cron logging. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-026530 - AlmaLinux OS 9 must mount /dev/shm with the nodev option. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-027080 - AlmaLinux OS 9 must mount /tmp with the nosuid option. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-027190 - AlmaLinux OS 9 must mount /var/log/audit with the nodev option. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-027740 - AlmaLinux OS 9 must mount /var/log with the nosuid option. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-028070 - AlmaLinux OS 9 must mount /var/tmp with the noexec option. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-028730 - AlmaLinux OS 9 must not have the iprutils package installed. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-029610 - AlmaLinux OS 9 must disable the Asynchronous Transfer Mode (ATM) kernel module. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-030930 - AlmaLinux OS 9 must not have the tuned package installed. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-033020 - Duplicate User IDs (UIDs) must not exist for interactive users. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GOOG-11-001100 - Google Android 11 allow list must be configured to not include applications with the following characteristics: | AirWatch - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-006700 - Google Android 12 allowlist must be configured to not include applications with the following characteristics: 1. Back up mobile device (MD) data to non-DoD cloud servers (including user and application access to cloud backup services);2. Transmit MD diagnostic data to non-DoD servers;3. Voice assistant application if available when MD is locked;4. Voice dialing application if available when MD is locked;5. Allows synchronization of data or applications between devices associated with user; and6. Allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-706700 - Google Android 13 allowlist must be configured to not include applications with the following characteristics (work profile only): | AirWatch - DISA Google Android 13 BYOAD v1r3 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-001100 - The Honeywell Mobility Edge Android Pie device whitelist must be configured to not include applications with the following characteristics: | AirWatch - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-001100 - The Honeywell Mobility Edge Android Pie device whitelist must be configured to not include applications with the following characteristics: | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-13-006700 - Honeywell Android 13 allowlist must be configured to not include applications with the following characteristics: | AirWatch - DISA Honeywell Android 13 COBO STIG v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-13-006700 - Honeywell Android 13 allowlist must be configured to not include applications with the following characteristics: | MobileIron - DISA Honeywell Android 13 COBO STIG v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| MOTO-09-001100 - The Motorola Android Pie whitelist must be configured to not include applications with the following characteristics: | MobileIron - DISA Motorola Android Pie.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-001100 - Zebra Android 10 whitelist must be configured to not include applications with the following characteristics: | MobileIron - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
