| 1.6.13 Ensure the OpenSSL library is configured to use only DoD-approved TLS encryption | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.172 UBTU-22-654205 | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.21 Ensure sshd PermitRootLogin is disabled | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.1.34 Ensure sshd IgnoreUserKnownHosts is enabled | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.1.37 Ensure sshd RekeyLimit is configured | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.2.5 Ensure users must re-authenticate for privilege escalation | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.3.6.1 Ensure the operating system uses multifactor authentication for local access to accounts | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000220 - A file integrity tool must be used at least weekly to check for unauthorized file changes. | DISA AIX 5.3 STIG v1r2 | Unix | RISK ASSESSMENT |
| GEN000340 - UIDs reserved for system accounts must not be assigned to non-system accounts. | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'successful logins are being logged' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001170 - All files and directories must have a valid group owner. | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001210 - All system command files must not have extended ACLs - '/bin/*' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001210 - All system command files must not have extended ACLs - '/usr/lbin/*' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001361 - NIS/NIS+/yp command files must not have extended ACLs - '/var/nis' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001730 - All global initialization files must not have extended ACLs - '/etc/bashrc' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001730 - All global initialization files must not have extended ACLs - '/etc/csh.cshrc' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001810 - Skeleton files must not have extended ACLs - '/etc/security/mkuser.sys' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001840 - All global initialization files' executable search paths must contain only absolute paths - '/etc/profile' | DISA AIX 5.3 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001850 - Global initialization files' lists of preloaded libraries must contain only absolute paths - '/etc/bashrc' | DISA AIX 5.3 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001850 - Global initialization files' lists of preloaded libraries must contain only absolute paths - '/etc/profile' | DISA AIX 5.3 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001890 - Local initialization files must not have extended ACLs - '.dispatch' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN002300 - Device files used for backup must only be readable and/or writable by root or the backup user - '/dev/cd*' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN002420 - Removable media, remote file systems and any file system not containing approved setuid files must be mounted with nosuid. | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN002440 - The owner, group, mode, ACL, and location of files with the setgid bit set must be documented using site-defined procedures | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'guest' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'invscout' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'pconsole' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.deny file - 'guest' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.deny file - 'ipsec' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.deny file - 'lp' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.deny file - 'lpd' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.deny file - 'nobody' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.deny file - 'nuucp' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.deny file - 'sys' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003300 - The at.deny file must not be empty if it exists | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'bin' - at.deny | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'daemon' - at.allow | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'invscout' - at.deny | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'lpd' - at.deny | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'nuucp' - at.allow | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'snapp' - at.allow | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'sys' - at.deny | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003510 - Kernel core dumps must be disabled unless needed - 'primary dump device' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN003600 - The system must not forward IPv4 source-routed packets. | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN003745 - The inetd.conf and xinetd.conf files must not have extended ACLs - 'xinetd.conf' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN005395 - The /etc/syslog.conf file must not have an extended ACL. | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN005610 - The system must not have IP forwarding for IPv6 enabled, unless the system is an IPv6 router. | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN006290 - The /etc/news/hosts.nntp.nolimit file must not have an extended ACL. | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN006580 - The system must use an access control program. | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN007940 - The system must not accept source-routed IPv6 packets. | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
