| 1.6.10 Ensure system-wide crypto policies are in effect | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.6.12 Ensure the OpenSSL library is configured to use only ciphers employing FIPS 140-2-approved algorithms | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.7.3 Ensure the Standard Mandatory DoD Notice and Consent Banner are configured | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.4.1.12 Ensure pass_min_len is configured | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.3.7 Ensure the operating system enforces a 60-day maximum password lifetime for new user accounts | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.3.2.9 Ensure the audit system is configured to take an appropriate action when the internal event queue is full | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 7.1.26 Ensure the system-wide shared library files are owned by root | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 7.1.27 Ensure the system-wide shared library files are group-owned by root | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| DTOO104 - Disabling of user name and password syntax from being used in URLs must be enforced. | DISA STIG Microsoft Publisher 2016 v1r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO104 - Word - Disabling of user name and password syntax from being used in URLs must be enforced. | DISA STIG Office 2010 Word v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO111 - Enabling IE Bind to Object functionality must be present | DISA STIG Microsoft Publisher 2016 v1r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO117 - Word - Saved from URL mark to assure Internet zone processing must be enforced. | DISA STIG Office 2010 Word v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO121 - Word - Files from the Internet zone must be opened in Protected View. | DISA STIG Office 2010 Word v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO123 - Navigation to URLs embedded in Office products must be blocked | DISA STIG Microsoft Publisher 2016 v1r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO123 - Navigation to URLs embedded in Office products must be blocked. | DISA STIG Microsoft Project 2016 v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO131 - Trust Bar Notifications for unsigned application add-ins must be blocked. | DISA STIG Microsoft Project 2016 v1r1 | Windows | CONFIGURATION MANAGEMENT |
| DTOO131 - Word - Trust Bar Notifications for unsigned application add-ins must be blocked. | DISA STIG Office 2010 Word v1r12 | Windows | CONFIGURATION MANAGEMENT |
| DTOO132 - File Downloads must be configured for proper restrictions. | DISA STIG Microsoft Project 2016 v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO209 - Word - Protection from zone elevation must be enforced. | DISA STIG Office 2010 Word v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO302 - Word - The automatically update links feature must be configured as off. | DISA STIG Office 2010 Word v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO322 - Publisher - Fatally corrupt files must be blocked from opening. | DISA STIG Office 2010 Publisher v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN000242 - The system must use at least two time sources for clock synchronization - 'NTP daemon is started at boot' | DISA AIX 5.3 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000280 - Direct logins must not be permitted to shared, default, application, or utility accounts - 'results of last should be reviewed' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN000540 - Users must not be able to change passwords more than once every 24 hours. | DISA AIX 5.3 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000640 - The system must require that passwords contain at least one special character. | DISA AIX 5.3 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000760 - Accounts must be locked upon 35 days of inactivity. | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001020 - The root account must not be used for direct logins. | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001210 - All system command files must not have extended ACLs - '/etc/*' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001210 - All system command files must not have extended ACLs - '/usr/bin/*' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001730 - All global initialization files must not have extended ACLs - '/etc/.login' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001730 - All global initialization files must not have extended ACLs - '/etc/security/environ' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001840 - All global initialization files' executable search paths must contain only absolute paths - '/etc/.login' | DISA AIX 5.3 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001840 - All global initialization files' executable search paths must contain only absolute paths - '/etc/environment' | DISA AIX 5.3 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001845 - Global initialization files' library search paths must contain only absolute paths - '/etc/bashrc' | DISA AIX 5.3 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001890 - Local initialization files must not have extended ACLs - '.dtprofile' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001890 - Local initialization files must not have extended ACLs - '.login' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001901 - Local initialization files' library search paths must contain only absolute paths - 'LD_LIBRARY_PATH' | DISA AIX 5.3 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN002300 - Device files used for backup must only be readable and/or writable by root or the backup user - '/dev/rmt*' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN002430 - Removable media, remote file systems and any file system not containing approved device files must be mounted with nodev | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN002990 - The cron.allow file must not have an extended ACL. | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'adm' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'esaadmin' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'nobody' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'nuucp' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'uucp' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003190 - The cron log files must not have extended ACLs. | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003245 - The at.allow file must not have an extended ACL. | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'adm' - at.allow | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'esaadmin' - at.allow | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| WG410 IIS6 - Interactive scripts must have proper access controls. - 'Virtual Directories - AspScriptTimeout set to 90 or less' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
