| SLES-12-010000 - The SUSE operating system must be a vendor-supported release. | DISA SLES 12 STIG v3r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| SLES-12-010060 - The SUSE operating system must be able to lock the graphical user interface (GUI). | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL |
| SLES-12-010090 - The SUSE operating system must initiate a session lock after a 10-minute period of inactivity. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL |
| SLES-12-010109 - The SUSE operating system must specify the default 'include' directory for the /etc/sudoers file - include directory for the /etc/sudoers file. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010112 - The SUSE operating system must use the invoking user's password for privilege escalation when using 'sudo' - sudo. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL |
| SLES-12-010150 - The SUSE operating system must enforce passwords that contain at least one upper-case character. | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010290 - The SUSE operating system must employ user passwords with a maximum lifetime of 60 days. | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010340 - The SUSE operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration. | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010430 - SUSE operating systems with a basic input/output system (BIOS) must require authentication upon booting into single-user and maintenance modes. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL |
| SLES-12-010570 - The SUSE operating system must remove all outdated software components after updated versions have been installed. | DISA SLES 12 STIG v3r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| SLES-12-010640 - The SUSE operating system must not have duplicate User IDs (UIDs) for interactive users. | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010790 - SUSE operating system file systems that contain user home directories must be mounted to prevent files with the setuid and setgid bit set from being executed. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010800 - SUSE operating system file systems that are used with removable media must be mounted to prevent files with the setuid and setgid bit set from being executed. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010860 - The SUSE operating system must use a separate file system for /var. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010872 - The SUSE operating system library directories must have mode 0755 or less permissive. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010882 - The SUSE operating system must have system commands group-owned by root or a system account. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-020010 - SUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| SLES-12-020020 - The SUSE operating system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020030 - The SUSE operating system auditd service must notify the System Administrator (SA) and Information System Security Officer (ISSO) immediately when audit storage capacity is 75 percent full. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020040 - The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must be alerted of a SUSE operating system audit processing failure event. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020050 - The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must have mail aliases to be notified of a SUSE operating system audit processing failure. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020070 - The audit-audispd-plugins must be installed on the SUSE operating system. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020110 - Audispd must take appropriate action when the SUSE operating system audit storage is full. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020130 - The SUSE operating system audit tools must have the proper permissions configured to protect against unauthorized access. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020200 - The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| SLES-12-020240 - The SUSE operating system must generate audit records for all uses of the privileged functions. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| SLES-12-020250 - The SUSE operating system must generate audit records for all uses of the su command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020280 - The SUSE operating system must generate audit records for all uses of the chfn command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020490 - The SUSE operating system must generate audit records for all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020580 - The SUSE operating system must generate audit records for a uses of the chsh command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020600 - The SUSE operating system must generate audit records for all uses of the chmod command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020610 - The SUSE operating system must generate audit records for all uses of the setfacl command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020650 - The SUSE operating system must generate audit records for all modifications to the tallylog file must generate an audit record. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020670 - The SUSE operating system must generate audit records for all uses of the passmass command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020680 - The SUSE operating system must generate audit records for all uses of the unix_chkpwd command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020700 - The SUSE operating system must generate audit records for all uses of the usermod command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020710 - The SUSE operating system must generate audit records for all uses of the crontab command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020720 - The SUSE operating system must generate audit records for all uses of the pam_timestamp_check command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020730 - The SUSE operating system must generate audit records for all uses of the delete_module command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-030000 - The SUSE operating system must not have the telnet-server package installed. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| SLES-12-030011 - The SUSE operating system must not have the vsftpd package installed if not required for operational support. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| SLES-12-030030 - The SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT |
| SLES-12-030180 - The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL, MAINTENANCE |
| SLES-12-030230 - The SUSE operating system SSH daemon must perform strict mode checking of home directory configuration files. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-030300 - The SUSE operating system clock must, for networked systems, be synchronized to an authoritative DoD time source at least every 24 hours. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-030361 - The SUSE operating system must not forward Internet Protocol version 6 (IPv6) source-routed packets. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-030370 - The SUSE operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-030420 - The SUSE operating system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-030520 - The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-030611 - The SUSE operating system must use a virus scan program. | DISA SLES 12 STIG v3r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
