| 1.1.1.3 Ensure hfsplus kernel module is not available | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.1.2 Ensure nodev option set on /tmp partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.2.3 Ensure nosuid option set on /dev/shm partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.7.1 Ensure separate partition exists for /var/log/audit | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 1.4.1.1 Ensure SELinux is installed | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.5.8 Ensure kernel.randomize_va_space is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1 Ensure message of the day is configured properly | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.8 Ensure message access server services are not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.11 Ensure print server services are not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.16 Ensure tftp server services are not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure web proxy server services are not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.3.3 Ensure nis client is not installed | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.3.5 Ensure tftp client is not installed | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.1.1 Ensure IPv6 status is identified | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.1 Ensure net.ipv4.ip_forward is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2.3 Ensure net.ipv6.conf.all.accept_redirects is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2.4 Ensure net.ipv6.conf.default.accept_redirects is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.2.3 Ensure access to SSH public host key files is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4 Ensure sshd access is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.5 Ensure sshd Banner is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.2.14 Ensure sshd LogLevel is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 5.2.16 Ensure sshd MaxAuthTries is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.19 Ensure sshd PermitEmptyPasswords is disabled | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Ensure sudo is installed | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.3.3 Ensure sudo log file exists | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3.6 Ensure sudo authentication timeout is configured correctly | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.4.1.1 Ensure latest version of pam is installed | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.2.2.2 Ensure password number of changed characters is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.2.2.3 Ensure password length is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.2.2.5 Ensure password same consecutive characters is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.2.4.1 Ensure pam_unix does not include nullok | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.1 Ensure password expiration is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.5 Ensure inactive password lock is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.6 Ensure all users last password change date is in the past | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.2.3 Ensure group root is the only GID 0 group | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION |
| 5.5.2.7 Ensure system accounts do not have a valid login shell | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.1.2 Ensure systemd-journal-remote service is not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 6.1.2.3 Ensure rsyslog log file creation mode is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 6.1.2.7 Ensure logrotate is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1.3.1 Ensure access to all logfiles has been configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.1 Ensure AIDE is installed | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 7.1.3 Ensure access to /etc/group is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.7 Ensure access to /etc/gshadow is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.5 Ensure no duplicate GIDs exist | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 7.2.8 Ensure local interactive user home directories are configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| JUEX-L2-000100 - The Juniper EX switch must be configured to enable STP Loop Protection on all non-designated STP switch ports. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000120 - The Juniper EX switch must be configured to enable DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000180 - The Juniper EX switch must be configured to verify two-way connectivity on all interswitch trunked interfaces. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-L2-000230 - The Juniper EX switch must be configured to set all enabled user-facing or untrusted ports as access interfaces. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-L2-000250 - The Juniper EX switch must not have any access interfaces assigned to a VLAN configured as native for any trunked interface. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | CONFIGURATION MANAGEMENT |
