| ALMA-09-016520 - AlmaLinux OS 9 /etc/passwd file must have mode 0644 or less permissive to prevent unauthorized access. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-016960 - AlmaLinux OS 9 /etc/shadow file must be group-owned by root. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-017950 - AlmaLinux OS 9 must not have unauthorized accounts. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-018720 - The firewalld service on AlmaLinux OS 9 must be active. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| ALMA-09-019270 - AlmaLinux OS 9 must not have unauthorized IP tunnels configured. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-019490 - AlmaLinux OS 9 must be configured to prevent unrestricted mail relaying. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-020260 - Alma Linux OS 9 must not accept IPv4 source-routed packets by default. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-020810 - AlmaLinux OS 9 must not allow a noncertificate trusted host SSH logon to the system. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-022350 - The kdump service on AlmaLinux OS 9 must be disabled. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-022900 - AlmaLinux OS 9 must prevent files with the setuid and setgid bit set from being executed on file systems that are used with removable media. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-023010 - AlmaLinux OS 9 must disable the use of user namespaces. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-023450 - AlmaLinux OS 9 must prevent files with the setuid and setgid bit set from being executed on file systems that are imported via Network File System (NFS). | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-023780 - AlmaLinux OS 9 must prevent special devices on nonroot local partitions. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-024220 - AlmaLinux OS 9 must display the date and time of the last successful account logon upon logon. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-024770 - The SSH daemon must perform strict mode checking of home directory configuration files. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-025100 - AlmaLinux OS 9 must use a separate file system for /tmp. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-025980 - AlmaLinux OS 9 must prevent files with the setuid and setgid bit set from being executed on file systems that contain user home directories. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-026420 - AlmaLinux OS 9 must prevent files with the setuid and setgid bit set from being executed on the /boot directory. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-027520 - AlmaLinux OS 9 must mount /var/log with the nodev option. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-027740 - AlmaLinux OS 9 must mount /var/log with the nosuid option. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-028400 - AlmaLinux OS 9 fapolicy module must be installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-029500 - AlmaLinux OS 9 must not have the gssproxy package installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-029610 - AlmaLinux OS 9 must disable the Asynchronous Transfer Mode (ATM) kernel module. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-030380 - AlmaLinux OS 9 must disable mounting of udf. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-031370 - AlmaLinux OS 9 must be configured to disable USB mass storage. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-032030 - AlmaLinux OS 9 must require users to provide a password for privilege escalation. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | ACCESS CONTROL |
| ALMA-09-034120 - AlmaLinux OS 9 SSHD must not allow blank passwords. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-034890 - AlmaLinux OS 9 must disable the graphical user interface automount function unless required. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-035000 - AlmaLinux OS 9 must prevent a user from overriding the disabling of the graphical user interface automount function. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-035210 - AlmaLinux OS 9 must have the USBGuard package installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-035660 - AlmaLinux OS 9 must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-035770 - AlmaLinux OS 9 must enforce password complexity by requiring that at least one lowercase character be used. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-036100 - AlmaLinux OS 9 must enforce password complexity rules for the root account. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-036870 - AlmaLinux OS 9 must require the maximum number of repeating characters be limited to three when passwords are changed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-037420 - AlmaLinux OS 9 must be configured so that the system's shadow file is configured to store only encrypted representations of passwords. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-038960 - AlmaLinux OS 9 must map the authenticated identity to the user or group account for PKI-based authentication. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-039070 - AlmaLinux OS 9, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-039290 - AlmaLinux 9 cryptographic policy must not be overridden. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-040390 - AlmaLinux OS 9 must enable the Pluggable Authentication Module (PAM) interface for SSHD. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | MAINTENANCE |
| ALMA-09-040940 - AlmaLinux OS 9 must restrict usage of ptrace to descendant processes. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-041050 - AlmaLinux OS 9 must restrict access to the kernel message buffer. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-042370 - AlmaLinux OS 9 must protect against or limit the effects of denial-of-service (DoS) attacks by ensuring rate-limiting measures on impacted network interfaces are implemented. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-042480 - AlmaLinux OS 9 must be configured to use TCP syncookies. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-042810 - All AlmaLinux OS 9 networked systems must implement SSH to protect the confidentiality and integrity of transmitted and received information, including information being prepared for transmission. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-043030 - AlmaLinux OS 9 must not allow users to override SSH environment variables. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-044240 - AlmaLinux OS 9 /var/log/messages file must have mode 0640 or less permissive. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-044790 - AlmaLinux OS 9 must clear memory when it is freed to prevent use-after-free attacks. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-045120 - AlmaLinux OS 9 must remove all software components after updated versions have been installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-046000 - Successful/unsuccessful uses of the init command in AlmaLinux OS 9 must generate an audit record. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-046660 - AlmaLinux OS 9 must audit all uses of the delete_module, init_module and finit_module system calls. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
