| 1.1.1.1 Ensure cramfs kernel module is not available | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.4 Ensure overlay kernel module is not available | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.1.4 Ensure noexec option set on /tmp partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.2.4 Ensure noexec option set on /dev/shm partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.3.2 Ensure nodev option set on /home partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.3.3 Ensure nosuid option set on /home partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.4.2 Ensure nodev option set on /var partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.4.3 Ensure nosuid option set on /var partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.5.4 Ensure noexec option set on /var/tmp partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 1.1.2.6.2 Ensure nodev option set on /var/log partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 1.1.2.6.3 Ensure nosuid option set on /var/log partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 1.1.2.7.3 Ensure nosuid option set on /var/log/audit partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 1.1.2.7.4 Ensure noexec option set on /var/log/audit partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 1.2.1 Ensure GPG keys are configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4 Ensure package manager repositories are configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.3.1 Ensure authentication required for single user mode | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.4.1.3 Ensure SELinux policy is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.4.1.4 Ensure the SELinux mode is not disabled | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.1 Ensure core file size is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5.2 Ensure fs.protected_hardlinks is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL |
| 1.5.6 Ensure kernel.kptr_restrict is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5.10 Ensure systemd-coredump Storage is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.6.5 Ensure access to /etc/issue is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.6 Ensure samba file server services are not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.14 Ensure snmp services are not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.19 Ensure xinetd services are not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.21 Ensure mail transfer agents are configured for local-only mode | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure can kernel module is not available | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.3 Ensure net.ipv4.conf.default.forwarding is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.8 Ensure net.ipv4.conf.all.accept_redirects is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.11 Ensure net.ipv4.conf.default.secure_redirects is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.12 Ensure net.ipv4.conf.all.rp_filter is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.13 Ensure net.ipv4.conf.default.rp_filter is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.16 Ensure net.ipv4.conf.all.log_martians is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.18 Ensure net.ipv4.tcp_syncookies is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.2 Ensure access to SSH private host key files is configured | CIS Debian Linux 13 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 5.1.2 Ensure access to SSH private host key files is configured | CIS Debian Linux 13 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.1.2 Ensure access to SSH private host key files is configured | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 5.1.2 Ensure access to SSH private host key files is configured | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 18.9.25.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.24.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.24.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-054470 - AlmaLinux OS 9 audit system must take appropriate action when the audit files have reached maximum size. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000120 - The Cisco switch must be configured to automatically audit account removal actions. | DISA Cisco NX OS Switch NDM STIG v3r6 | Cisco | ACCESS CONTROL |
| CISC-ND-001140 - The Cisco router must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm. | DISA Cisco IOS Router NDM STIG v3r7 | Cisco | ACCESS CONTROL |
| FGFW-ND-000110 - The FortiGate device must off-load audit records on to a different system or media than the system being audited. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Logs containing auditing information should be secured at the directory level. | TNS IBM HTTP Server Best Practice | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| SLES-12-020060 - The SUSE operating system audit system must take appropriate action when the audit storage volume is full. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010301 - The Ubuntu operating system must shut down by default upon audit failure (unless availability is an overriding concern). | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-653030 - Ubuntu 22.04 LTS must shut down by default upon audit failure. | DISA Canonical Ubuntu 22.04 LTS STIG v2r8 | Unix | AUDIT AND ACCOUNTABILITY |
