| 20.51 Ensure 'Permissions for the system drive root directory must conform to minimum requirements' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| JUSX-IP-000027 - The Juniper Networks SRX Series Gateway IDPS must perform real-time monitoring of files from external sources at network entry/exit points. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| OL07-00-010120 - The Oracle Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one upper-case character. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010200 - The Oracle Linux operating system must be configured so that the PAM system service is configured to store only encrypted representations of passwords. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010250 - The Oracle Linux operating system must be configured so that passwords for new users are restricted to a 60-day maximum lifetime. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010290 - The Oracle Linux operating system must not allow accounts configured with blank or null passwords. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-010343 - The Oracle Linux operating system must require re-authentication when using the 'sudo' command - sudo command. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010344 - The Oracle Linux operating system must not be configured to bypass password requirements for privilege escalation. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010350 - The Oracle Linux operating system must be configured so users must re-authenticate for privilege escalation. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-020028 - The Oracle Linux operating system must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-020030 - The Oracle Linux operating system must be configured so that a file integrity tool verifies the baseline operating system configuration at least weekly. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| OL07-00-020040 - The Oracle Linux operating system must be configured so that designated personnel are notified if baseline configurations are changed in an unauthorized manner. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-020101 - The Oracle Linux operating system must be configured so that the Datagram Congestion Control Protocol (DCCP) kernel module is disabled unless required - dccp /bin/true. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-020110 - The Oracle Linux operating system must disable the file system automounter unless required. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-020231 - The Oracle Linux operating system must be configured so the x86 Ctrl-Alt-Delete key sequence is disabled in the Graphical User Interface. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-020250 - The Oracle Linux operating system must be a vendor supported release. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-020310 - The Oracle Linux operating system must be configured so that the root account must be the only account having unrestricted access to the system. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-020610 - The Oracle Linux operating system must be configured so that all local interactive user accounts, upon creation, are assigned a home directory. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-020630 - The Oracle Linux operating system must be configured so that all local interactive user home directories have mode 0750 or less permissive. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-020690 - The Oracle Linux operating system must be configured so that all local initialization files for interactive users are owned by the home directory user or root. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-021024 - The Oracle Linux operating system must mount /dev/shm with secure options. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-021120 - The Oracle Linux operating system must be configured so that the cron.allow file, if it exists, is group-owned by root. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-021350 - The Oracle Linux operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| OL07-00-021620 - The Oracle Linux operating system must use a file integrity tool that is configured to use FIPS 140-2 approved cryptographic hashes for validating file contents and directories. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-021700 - The Oracle Linux operating system must not allow removable media to be used as the boot loader unless approved. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-030000 - The Oracle Linux operating system must be configured so that auditing is configured to produce records containing information to establish what type of events occurred, where the events occurred, the source of the events, and the outcome of the events. These audit records must also identify individual identities of group account users. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| OL07-00-030310 - The Oracle Linux operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030321 - The Oracle Linux operating system must be configured so that the audit system takes appropriate action when there is an error sending audit records to a remote system. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030560 - The Oracle Linux operating system must audit all uses of the semanage command. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL07-00-030660 - The Oracle Linux operating system must audit all uses of the chage command. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030800 - The Oracle Linux operating system must audit all uses of the crontab command. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030810 - The Oracle Linux operating system must audit all uses of the pam_timestamp_check command. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030819 - The Oracle Linux operating system must audit all uses of the create_module syscall. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030830 - The Oracle Linux operating system must audit all uses of the delete_module syscall. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030871 - The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| OL07-00-030873 - The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| OL07-00-040000 - The Oracle Linux operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| OL07-00-040201 - The Oracle Linux operating system must implement virtual address space randomization. | DISA Oracle Linux 7 STIG v3r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL07-00-040300 - The Oracle Linux operating system must be configured so that all networked systems have SSH installed. | DISA Oracle Linux 7 STIG v3r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL07-00-040310 - The Oracle Linux operating system must be configured so that all networked systems use SSH for confidentiality and integrity of transmitted and received information as well as information during preparation for transmission. | DISA Oracle Linux 7 STIG v3r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL07-00-040350 - The Oracle Linux operating system must be configured so that the SSH daemon does not allow authentication using rhosts authentication. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-040400 - The Oracle Linux operating system must be configured so that the SSH daemon is configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms - MACs employing FIPS 140-2 approved cryptographic hash algorithms. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| OL07-00-040460 - The Oracle Linux operating system must be configured so that the SSH daemon uses privilege separation. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-040610 - The Oracle Linux operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-040620 - The Oracle Linux operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-040670 - Network interfaces configured on The Oracle Linux operating system must not be in promiscuous mode. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-040710 - The Oracle Linux operating system must be configured so that remote X connections are disabled, unless to fulfill documented and validated mission requirements. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-041002 - The Oracle Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM) - PAM. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-041003 - The Oracle Linux operating system must implement certificate status checking for PKI authentication. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-910055 - The Oracle Linux operating system must protect audit information from unauthorized read, modification, or deletion. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
