| GEN003060 - Default system accounts must be included in the cron.allow file - 'sshd' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003110 - Cron and crontab directories must not have extended ACLs - '/var/spool/cron' - no acls enabled | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003140 - Cron and crontab directories must be group-owned by system, sys, bin, or cron. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003180 - The cronlog file must have mode 0600 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003240 - The cron.allow file must be owned by root, bin, or sys. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003245 - The at.allow file must not have an extended ACL. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'bin' - at.allow | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'bin' - at.deny | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'invscout' - at.deny | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'lpd' - at.deny | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'snapp' - at.deny | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'uucp' - at.deny | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003360 - The at daemon must not execute group-writable or world-writable programs. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003510 - Kernel core dumps must be disabled unless needed - 'secondary dump device' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN003600 - The system must not forward IPv4 source-routed packets. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003720 - The inetd.conf file, xinetd.conf file, and the xinetd.d directory must be owned by root or bin - 'xinetd.d' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003740 - The inetd.conf and xinetd.conf files must have mode 0440 or less permissive - 'inetd.conf' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003760 - The services file must be owned by root or bin. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003780 - The services file must have mode 0444 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003865 - Network analysis tools must not be installed - 'tcpdump' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN003920 - The hosts.lpd (or equivalent) file must be owned by root, bin, sys, or lp | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003940 - The hosts.lpd (or equivalent) must have mode 0644 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN004840 - If the system is an anonymous FTP server, it must be isolated to the DMZ network. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN005180 - All .Xauthority files must have mode 0600 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005320 - The snmpd.conf file must have mode 0600 or less permissive - '/etc/snmpd.conf' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005350 - Management Information Base (MIB) files must not have extended ACLs. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005375 - The snmpd.conf file must not have an extended ACL - '/etc/snmpdv3.conf' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005395 - The /etc/syslog.conf file must not have an extended ACL. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005506 - The SSH daemon must be configured to not use Cipher-Block Chaining (CBC) ciphers. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN005521 - The SSH daemon must restrict login ability to specific users and/or groups. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005539 - The SSH daemon must not allow compression or must only allow compression after successful authentication. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN005550 - The SSH daemon must be configured with the Department of Defense (DoD) logon banner - 'Banner file contents' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005570 - The system must be configured with a default gateway for IPv6 if the system uses IPv6, unless the system is a router. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN005610 - The system must not have IP forwarding for IPv6 enabled, unless the system is an IPv6 router. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN005800 - All NFS-exported system files and system directories must be owned by root. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005810 - All NFS-exported system files and system directories must be group-owned by root, bin, sys, or system. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005840 - The NFS server must be configured to restrict file system access to local hosts - 'Exports containing rw should be reviewed' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN006120 - The /usr/lib/smb.conf file must be group-owned by bin, sys, or system. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN006200 - The /var/private/smbpasswd file must have mode 0600 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN006260 - The /etc/news/hosts.nntp (or equivalent) must have mode 0600 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN006330 - The /etc/news/passwd.nntp file must not have an extended ACL. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN006420 - NIS maps must be protected through hard-to-guess domain names. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN006600 - The system's access control program must log each system access attempt - 'auth.info' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN006640 - The system must use and update a DoD-approved virus scan program - 'names.dat' - update date | DISA STIG AIX 5.3 v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN006640 - The system must use and update a DoD-approved virus scan program - 'uvscan exists in crontabs' | DISA STIG AIX 5.3 v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN007720 - The IPv6 protocol handler must be prevented from dynamic loading unless needed. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN007840 - The DHCP client must be disabled if not needed. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN007850 - The DHCP client must not send dynamic DNS updates - 'updateDNS exists in /etc/dhcpc.opt' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN008120 - If the system is using LDAP the /etc/ldap.conf file must not have an extended ACL | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN008180 - The TLS certificate authority file must have mode 0644 (0755 for directories) or less permissive | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
