| 2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists inin default | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in default | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 20.71 Ensure 'Windows PowerShell 2.0' is 'not installed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.71 Ensure 'Windows PowerShell 2.0' is 'not installed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| Auto-start is not enabled | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| JBOS-AS-000685 - The JRE installed on the JBoss server must be kept up to date. | DISA JBoss EAP 6.3 STIG v2r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL6-00-000002 - The system must use a separate file system for /var. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000009 - The Red Hat Network Service (rhnsd) service must not be running, unless it is being used to query the Oracle Unbreakable Linux Network for updates and information - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000009 - The Red Hat Network Service (rhnsd) service must not be running, unless it is being used to query the Oracle Unbreakable Linux Network for updates and information - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000017 - The system must use a Linux Security Module at boot time. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000030 - The system must not allow accounts configured with blank or null passwords - password-auth | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000031 - The /etc/passwd file must not contain password hashes. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000046 - Library files must be owned by a system account - '/lib' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000046 - Library files must be owned by a system account - '/lib64' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000046 - Library files must be owned by a system account - '/usr/lib' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000047 - All system command files must have mode 755 or less permissive - '/usr/local/sbin' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000057 - The system must require passwords to contain at least one uppercase alphabetic character - password-auth | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000058 - The system must require passwords to contain at least one special character - system-auth | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000059 - The system must require passwords to contain at least one lower-case alphabetic character - password-auth | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000066 - The system boot loader configuration file(s) must be group-owned by root. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000073 - The Department of Defense (DoD) login banner must be displayed immediately prior to, or as part of, console login prompts. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000092 - The system must not respond to ICMPv4 sent to a broadcast address. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000095 - The system must be configured to use TCP syncookies when experiencing a TCP SYN flood. | DISA STIG Oracle Linux 6 v2r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000096 - The system must use a reverse-path filter for IPv4 network traffic when possible on all interfaces. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000097 - The system must use a reverse-path filter for IPv4 network traffic when possible by default. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000116 - The operating system must connect to external networks or information systems only through managed IPv4 interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000120 - The systems local IPv4 firewall must implement a deny-all, allow-by-exception policy for inbound packets. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000134 - All rsyslog-generated log files must be group-owned by root. | DISA STIG Oracle Linux 6 v2r7 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL6-00-000136 - The operating system must back up audit records on an organization defined frequency onto a different system or media than the system being audited. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000145 - The operating system must produce audit records containing sufficient information to establish the identity of any user/subject associated with the event - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000148 - The operating system must employ automated mechanisms to facilitate the monitoring and control of remote access methods - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000154 - The operating system must produce audit records containing sufficient information to establish what type of events occurred - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000160 - The system must set a maximum audit log file size. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000165 - The audit system must be configured to audit all attempts to alter system time through adjtimex - b32 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000165 - The audit system must be configured to audit all attempts to alter system time through adjtimex - b64 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000167 - The audit system must be configured to audit all attempts to alter system time through settimeofday - b32 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000167 - The audit system must be configured to audit all attempts to alter system time through settimeofday - b64 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000169 - The audit system must be configured to audit all attempts to alter system time through stime - b32 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000174 - The operating system must automatically audit account creation - '/etc/shadow' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000176 - The operating system must automatically audit account disabling actions - '/etc/group' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000176 - The operating system must automatically audit account disabling actions - '/etc/passwd' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000190 - The audit system must be configured to audit all discretionary access control permission modifications using setxattr, lsetxattr, fsetxattr, removexattr, lremovexattr, and fremovexattr - b64 auid=0 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000197 - The audit system must be configured to audit failed attempts to access files and programs - b32 EACCES auid>=500 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000197 - The audit system must be configured to audit failed attempts to access files and programs - b32 EPERM auid>=500 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000200 - The audit system must be configured to audit user deletions of files and programs - b64 auid=0 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000213 - The rsh-server package must not be installed. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000214 - The rshd service must not be running - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000218 - The rlogind service must not be running - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000220 - The ypserv package must not be installed. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
