1.4.2 Ensure authentication required for single user mode - emergency.service | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
1.5 Installing ISC BIND 9 - bind9 installation | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | |
1.11 Ensure host-based intrusion detection tool is used - MFEhiplsm package | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
2.2.2.6 Ensure automatic logon via GUI is not allowed | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
2.2.24 Ensure default SNMP community strings don't exist | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | IDENTIFICATION AND AUTHENTICATION |
2.2.26 Ensure ldap_tls_cacert is set for LDAP - config | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
2.2.26 Ensure ldap_tls_cacert is set for LDAP - file | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
2.2.27 Ensure ldap_id_use_start_tls is set for LDAP. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.2.29 Ensure nosuid option is set for NFS | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
2.2.31 Ensure noexec option is configured for NFS. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
3.1.1 Ensure IP forwarding is disabled - sysctl net.ipv4.ip_forward = 0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
3.1.1 Ensure IP forwarding is disabled - sysctl net.ipv6.conf.all.forwarding = 0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
3.2.10 Ensure rate limiting measures are set - sysctl | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
3.7 Ensure IP tunnels are not configured. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
4.1.16 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers.d | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
4.1.16 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
4.2.2.6 Ensure rsyslog imudp and imrelp aren't loaded. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
4.4 Ensure audit system is set to single when the disk is full. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
4.6 Ensure audit system action is defined for sending errors | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
4.7 Enable use of the au-remote plugin | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
4.8 Ensure off-load of audit logs - direction | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
4.8 Ensure off-load of audit logs - path | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
4.9 Ensure action is taken when audisp-remote buffer is full | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
4.10 Ensure off-loaded audit logs are labeled. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.4 Ensure permissions on SSH private host key files are configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
5.2.5 Ensure permissions on SSH public host key files are configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
5.2.18 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | ACCESS CONTROL |
5.2.18 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | ACCESS CONTROL |
5.3.11 Ensure system-auth is used when changing passwords | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | IDENTIFICATION AND AUTHENTICATION |
5.4.1.10 Ensure delay between logon prompts on failure | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
5.4.5 Ensure system-auth is used when changing passwords | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
5.4.8 Ensure Default user umask is 077 | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
5.5.1.2 Ensure minimum days between password changes is configured - /etc/login.defs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
5.5.1.2 Ensure minimum days between password changes is configured - /etc/login.defs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
5.5.1.2 Ensure minimum days between password changes is configured - /etc/shadow | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
5.5.1.9 Ensure inactive password lock is 0 days - individuals, groups, roles, and devices if the password expires. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
5.9 Ensure number of concurrent sessions is limited | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
6.2.21 Ensure that all files and directories contained in local interactive user home directories are owned by the user | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
6.2.23 Ensure local interactive users' dot files are owned by the user or root. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
6.2.25 Ensure users' 'dot' files have '0740' or less set. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
6.2.28 Ensure upon user creation a home directory is assigned. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
6.2.29 Ensure users' files and directories within the home directory permissions are 750 or more restrictive | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
6.3 Ensure removal of software components after update | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
6.4 Ensure system device files are labeled - device_t | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
10.1 Ensure SELinux Is Enabled in Enforcing Mode - config file | CIS BIND DNS v1.0.0 L2 Caching Only Name Server | Unix | ACCESS CONTROL |
RHEL-06-000275 - The operating system must employ cryptographic mechanisms to protect information in storage. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
RHEL-06-000276 - The operating system must protect the confidentiality and integrity of data at rest. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
RHEL-06-000277 - The operating system must employ cryptographic mechanisms to prevent unauthorized disclosure of data at rest unless otherwise protected by alternative physical measures. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
RHEL-08-020250 - RHEL 8 must implement smart card logon for multifactor authentication for access to interactive accounts. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
RHEL-09-213110 - RHEL 9 must implement nonexecutable data to protect its memory from unauthorized code execution. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |