| 6.3 Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | CIS Amazon Web Services Foundations v7.0.0 L1 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists inin default | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 49.1 (L1) Ensure 'Accounts: Enable Guest account status' is set to 'Disabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| AADC-CL-001295 - Adobe Acrobat Pro DC Classic Repair Installation must be disabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| GEN000590 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes - CRYPT_ALGORITHMS_ALLOW | DISA STIG Solaris 10 X86 v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000185 - The audit system must be configured to audit all discretionary access control permission modifications using chown, fchown, fchownat, and lchown - b32 auid=0 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000185 - The audit system must be configured to audit all discretionary access control permission modifications using chown, fchown, fchownat, and lchown - b64 auid>=500 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000198 - The audit system must be configured to audit all use of setuid and setgid programs. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000199 - The audit system must be configured to audit successful file system mounts - b32 auid>=500 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - insmod | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - modprobe | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000204 - The xinetd service must be uninstalled if no network services utilizing it are enabled. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000214 - The rshd service must not be running - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000220 - The ypserv package must not be installed. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000230 - The SSH daemon must set a timeout interval on idle sessions. | DISA STIG Oracle Linux 6 v2r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000240 - The SSH daemon must be configured with the Department of Defense (DoD) login banner. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000247 - The system clock must be synchronized continuously, or at least daily - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000248 - The system clock must be synchronized to an authoritative DoD time source. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000262 - The atd service must be disabled - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000265 - The ntpdate service must not be running - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000267 - The qpidd service must not be running - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000272 - The system must use SMB client signing for connecting to samba servers using smbclient. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000274 - The system must prohibit the reuse of passwords within five iterations - system-auth | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000278 - The system package management tool must verify permissions on all files and directories associated with the audit package. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000281 - The system package management tool must verify contents of all files associated with the audit package. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000286 - The x86 Ctrl-Alt-Delete key sequence must be disabled - /usr/bin/logger | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000288 - The sendmail package must be removed. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000293 - Wireless network adapters must be disabled. | DISA STIG Oracle Linux 6 v2r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000302 - A file integrity tool must be used at least weekly to check for unauthorized file changes, particularly the addition of unauthorized system libraries or binaries, or for unauthorized modification to authorized system libraries or binaries. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000309 - The NFS server must not have the insecure file locking option enabled. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000315 - The Bluetooth kernel module must be disabled - 'net-pf-31' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000321 - The system must provide VPN connectivity for communications over untrusted networks. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000326 - The Department of Defense (DoD) login banner must be displayed immediately prior to, or as part of, graphical desktop environment login prompts. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000336 - The sticky bit must be set on all public directories. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000337 - All public directories must be owned by a system account. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000340 - The snmpd service must use only SNMP protocol version 3 or newer. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000346 - The system default umask for daemons must be 027 or 022. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000349 - The system must be configured to require the use of a CAC, PIV compliant hardware token, or Alternate Logon Token (ALT) for authentication. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000385 - Audit log directories must have mode 0755 or less permissive. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000509 - The system must forward audit records to the syslog service. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000511 - The audit system must take appropriate action when there are disk errors on the audit storage volume. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000519 - The system package management tool must verify contents of all files associated with packages. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000521 - The mail system must forward all mail for root to one or more system administrators. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000529 - The sudo command must require authentication - nopasswd | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000531 - The Oracle Linux operating system must mount /dev/shm with the nosuid option. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000533 - The Oracle Linux 6 operating system must use a virus scan program. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000536 - The Oracle Linux operating system must use the invoking user's password for privilege escalation when using 'sudo' - rootpw | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
