| RHEL-08-010015 - RHEL 8 must have the crypto-policies package installed. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-010060 - RHEL 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-010151 - RHEL 8 operating systems must require authentication upon booting into rescue mode. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-010201 - RHEL 8 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-010220 - The RHEL 8 /var/log/messages file must be owned by root. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-08-010230 - The RHEL 8 /var/log/messages file must be group-owned by root. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-08-010290 - The RHEL 8 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-010291 - The RHEL 8 SSH server must be configured to use only DOD-approved encryption ciphers employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-010351 - RHEL 8 library directories must be group-owned by root or a system account. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010358 - RHEL 8 must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010370 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010371 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010372 - RHEL 8 must prevent the loading of a new kernel for later execution. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010390 - RHEL 8 must have the packages required for multifactor authentication installed. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010400 - RHEL 8 must implement certificate status checking for multifactor authentication. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010422 - RHEL 8 must disable virtual syscalls. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-010471 - RHEL 8 must enable the hardware random number generator entropy gatherer service. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010480 - The RHEL 8 SSH public host key files must have mode 0644 or less permissive. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010520 - The RHEL 8 SSH daemon must not allow authentication using known host's authentication. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010521 - The RHEL 8 SSH daemon must not allow Kerberos authentication, except to fulfill documented and validated mission requirements. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010522 - The RHEL 8 SSH daemon must not allow GSSAPI authentication, except to fulfill documented and validated mission requirements. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010541 - RHEL 8 must use a separate file system for /var/log. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010542 - RHEL 8 must use a separate file system for the system audit data path. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010543 - A separate RHEL 8 filesystem must be used for the /tmp directory. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010544 - RHEL 8 must use a separate file system for /var/tmp. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010550 - RHEL 8 must not permit direct logons to the root account using remote access via SSH. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010570 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on file systems that contain user home directories. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010571 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on the /boot directory. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010580 - RHEL 8 must prevent special devices on non-root local partitions. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010672 - RHEL 8 must disable acquiring, saving, and processing core dumps. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010675 - RHEL 8 must disable core dump backtraces. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010720 - All RHEL 8 local interactive users must have a home directory assigned in the /etc/passwd file. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010731 - All RHEL 8 local interactive user home directory files must have mode 0750 or less permissive. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010741 - RHEL 8 must be configured so that all files and directories contained in local interactive user home directories are group-owned by a group of which the home directory owner is a member. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010800 - A separate RHEL 8 filesystem must be used for user home directories (such as /home or an equivalent). | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020017 - RHEL 8 must ensure account lockouts persist. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-10-700840 - RHEL 10 must disable the user list at login for graphical user interfaces. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700940 - RHEL 10 must not default to the graphical display manager unless approved. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-701060 - RHEL 10 must restrict exposed kernel pointer address access. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-10-701090 - RHEL 10 must disable the "kernel.core_pattern". | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-701100 - RHEL 10 must be configured to disable the Controller Area Network (CAN) kernel module. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-701140 - RHEL 10 must restrict usage of ptrace to descendant processes. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-701270 - RHEL 10 must, for PKI-based authentication, validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-800010 - RHEL 10 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-800030 - RHEL 10 must disable access to the network bpf system call from nonprivileged processes. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-800050 - RHEL 10 must enable hardening for the Berkeley Packet Filter (BPF) just-in-time compiler. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-10-800070 - RHEL 10 must not have unauthorized IP tunnels configured. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-800200 - RHEL 10 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-800230 - RHEL 10 must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-800240 - RHEL 10 must not forward Internet Protocol version 6 (IPv6) source-routed packets. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
