| 4.2.1 Ensure 'trustDefaultCerts' is set to 'false' | CIS IBM WebSphere Liberty v1.0.0 L2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists inin default | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in web application | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001410 - The Cisco ASA must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator. | DISA STIG Cisco ASA NDM v2r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| GEN000590 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes - CRYPT_ALGORITHMS_ALLOW | DISA STIG Solaris 10 X86 v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN007780 - The system must not have 6to4 enabled. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| OL6-00-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - modprobe | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000204 - The xinetd service must be uninstalled if no network services utilizing it are enabled. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000214 - The rshd service must not be running - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000220 - The ypserv package must not be installed. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000230 - The SSH daemon must set a timeout interval on idle sessions. | DISA STIG Oracle Linux 6 v2r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000240 - The SSH daemon must be configured with the Department of Defense (DoD) login banner. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000247 - The system clock must be synchronized continuously, or at least daily - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000248 - The system clock must be synchronized to an authoritative DoD time source. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000262 - The atd service must be disabled - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000265 - The ntpdate service must not be running - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000267 - The qpidd service must not be running - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000272 - The system must use SMB client signing for connecting to samba servers using smbclient. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000274 - The system must prohibit the reuse of passwords within five iterations - system-auth | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000278 - The system package management tool must verify permissions on all files and directories associated with the audit package. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000281 - The system package management tool must verify contents of all files associated with the audit package. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000286 - The x86 Ctrl-Alt-Delete key sequence must be disabled - /usr/bin/logger | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000288 - The sendmail package must be removed. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000293 - Wireless network adapters must be disabled. | DISA STIG Oracle Linux 6 v2r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000302 - A file integrity tool must be used at least weekly to check for unauthorized file changes, particularly the addition of unauthorized system libraries or binaries, or for unauthorized modification to authorized system libraries or binaries. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000309 - The NFS server must not have the insecure file locking option enabled. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000315 - The Bluetooth kernel module must be disabled - 'net-pf-31' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000321 - The system must provide VPN connectivity for communications over untrusted networks. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000326 - The Department of Defense (DoD) login banner must be displayed immediately prior to, or as part of, graphical desktop environment login prompts. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000336 - The sticky bit must be set on all public directories. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000337 - All public directories must be owned by a system account. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000340 - The snmpd service must use only SNMP protocol version 3 or newer. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000346 - The system default umask for daemons must be 027 or 022. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000349 - The system must be configured to require the use of a CAC, PIV compliant hardware token, or Alternate Logon Token (ALT) for authentication. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000385 - Audit log directories must have mode 0755 or less permissive. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000509 - The system must forward audit records to the syslog service. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000511 - The audit system must take appropriate action when there are disk errors on the audit storage volume. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000519 - The system package management tool must verify contents of all files associated with packages. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000521 - The mail system must forward all mail for root to one or more system administrators. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000529 - The sudo command must require authentication - nopasswd | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000531 - The Oracle Linux operating system must mount /dev/shm with the nosuid option. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000533 - The Oracle Linux 6 operating system must use a virus scan program. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000536 - The Oracle Linux operating system must use the invoking user's password for privilege escalation when using 'sudo' - rootpw | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
