| RHEL-10-500020 - RHEL 10 must log username information when unsuccessful login attempts occur. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-500120 - RHEL 10 must produce audit records containing information to establish the identity of any individual or process associated with the event. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-500210 - RHEL 10 must notify the system administrator (SA) and/or information system security officer (ISSO) (at a minimum) of an audit processing failure. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-500330 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "chacl" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500350 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "chcon" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500380 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "setsebool" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500430 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "chsh" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500460 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "kmod" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500480 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "pam_timestamp_check" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500620 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "init" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-500630 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "poweroff" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-500660 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "umount" system call. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500670 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "umount2" system call. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500710 - RHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/gshadow". | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500740 - RHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/shadow". | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500810 - RHEL 10 must generate audit records for all uses of the "rename", "unlink", "rmdir", "renameat", "renameat2", and "unlinkat" system calls. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-600000 - RHEL 10 must require a boot loader superuser password. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-600020 - RHEL 10 must not assign an interactive login shell for system accounts. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-10-600190 - RHEL 10 must ensure that all local interactive user home directories defined in the "/etc/passwd" file must exist. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-600210 - RHEL 10 must enforce a 24-hours minimum password lifetime restriction for passwords for new users or password changes in "/etc/login.defs". | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-600400 - RHEL 10 must allow only the root account to have unrestricted access to the system. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-600470 - RHEL 10 must have a unique group ID (GID) for each group in "/etc/group". | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-600530 - RHEL 10 must require users to reauthenticate for privilege escalation. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-600560 - RHEL 10 must require users to provide a password for privilege escalation. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-600620 - RHEL 10 must ensure the password complexity module is enabled in the "password-auth" file. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-700125 - RHEL 10 must prevent files with the "setuid" and "setgid" bit set from being executed on the "/boot" directory. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700135 - RHEL 10 must mount "/dev/shm" with the "nodev" option. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700140 - RHEL 10 must mount "/dev/shm" with the "noexec" option. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700160 - RHEL 10 must mount "/tmp" with the "nosuid" option. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700165 - RHEL 10 must mount "/var" with the "nodev" option. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700170 - RHEL 10 must mount "/var/log" with the "nodev" option. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700175 - RHEL 10 must mount "/var/log" with the "noexec" option. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700190 - RHEL 10 must mount "/var/tmp" with the "noexec" option. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700410 - RHEL 10 must elevate the SELinux context when an administrator calls the sudo command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-700680 - RHEL 10 must not have a "shosts.equiv" file on the system. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-700770 - RHEL 10 must initiate a session lock for graphical user interfaces when the screensaver is activated. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-700830 - RHEL 10 must disable the ability of a user to accidentally press Ctrl-Alt-Del and cause a system to shut down or reboot. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-700880 - RHEL 10 must disable the graphical user interface automounter unless required. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-700970 - RHEL 10 must disable the debug-shell systemd service. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-701030 - RHEL 10 must restrict access to the kernel message buffer. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-701080 - RHEL 10 must enable kernel parameters to enforce discretionary access control (DAC) on symlinks. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-701110 - RHEL 10 must disable the Stream Control Transmission Protocol (SCTP) kernel module. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-701230 - RHEL 10 must implement certificate status checking for multifactor authentication. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-701260 - RHEL 10 must require authentication to access single-user mode. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-701290 - RHEL 10 must prohibit the use of cached authenticators after one day. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-800100 - RHEL 10 must not forward Internet Protocol version 4 (IPv4) source-routed packets. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-800120 - RHEL 10 must log Internet Protocol version 4 (IPv4) packets with impossible addresses by default. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-800250 - RHEL 10 must not enable Internet Protocol version 6 (IPv6) packet forwarding unless the system is a router. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-800270 - RHEL 10 must prevent Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages from being accepted. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-800310 - RHEL 10 must be configured to operate in secure mode if the Trivial File Transfer Protocol (TFTP) server service is required. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
