| 1.1.1 Ensure mounting of squashfs filesystems is disabled - lsmod | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.15 Ensure nodev option set on /dev/shm partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.5.1.6 Ensure no unconfined services exist | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1 Ensure message of the day is configured properly | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 1.27 Set 'Remove file extensions blocked as Level 2' to 'Disabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.3 Ensure chrony is not run as the root user | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 2.2.1 Ensure autofs services are not in use | CIS Amazon Linux 2 v3.0.0 L1 | Unix | MEDIA PROTECTION |
| 2.2.4 Ensure dns server services are not in use | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.8 Ensure message access server services are not in use | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.18 Ensure web server services are not in use | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.19 Ensure xinetd services are not in use | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.3 Ensure bluetooth services are not in use | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.6 Ensure secure icmp redirects are not accepted | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.7 Ensure reverse path filtering is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.2.2 Ensure firewalld service enabled and running | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.5 Ensure nftables loopback traffic is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.7 Ensure nftables default deny firewall policy | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.3 Ensure iptables rules exist for all open ports | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.5 Ensure iptables rules are saved | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.6 Ensure iptables service is enabled and active | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.3.3 Ensure ip6tables firewall rules exist for all open ports | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1.2 Ensure permissions on /etc/crontab are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.7 Ensure permissions on /etc/cron.d are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.11 Ensure sshd IgnoreRhosts is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.2.13 Ensure sshd LoginGraceTime is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.2.20 Ensure sshd PermitRootLogin is disabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.2.22 Ensure sshd UsePAM is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.4.2.2.6 Ensure password maximum sequential characters is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.4.2.4.3 Ensure pam_unix includes a strong password hashing algorithm | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5.1.1 Ensure strong password hashing algorithm is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.2.1.1 Ensure systemd-journal-remote is installed | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.1.4 Ensure journald is not configured to receive logs from a remote client | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 5.1.2.2 Ensure journald service is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.3 Ensure journald is configured to compress large log files | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.6 Ensure journald log rotation is configured per site policy | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.3 Ensure logrotate is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3.2 Ensure filesystem integrity is regularly checked | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.3.16 Ensure only FIPS 140-2 ciphers are used for SSH | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1.7 Ensure permissions on /etc/gshadow are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.8 Ensure permissions on /etc/gshadow- are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 6.2.6 Ensure no duplicate user names exist | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.8 Ensure root path integrity | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - openssl version | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 12.3 Ensure the Apache AppArmor Profile Is in Enforce Mode | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 12.3 Ensure the Apache AppArmor Profile Is in Enforce Mode | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| CASA-VN-000400 - The Cisco ASA remote access VPN server must be configured to use LDAP over SSL to determine authorization for granting access to the network. | DISA STIG Cisco ASA VPN v2r2 | Cisco | ACCESS CONTROL |
| CISC-ND-001140 - The Cisco router must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | ACCESS CONTROL |
| GEN000290-2 - The system must not have the unnecessary 'news' account. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
