| RHEL-08-020023 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020026 - RHEL 8 must configure the use of the pam_faillock.so module in the /etc/pam.d/password-auth file. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020030 - RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020081 - RHEL 8 must prevent a user from overriding the session idle-delay setting for the graphical user interface. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020120 - RHEL 8 must enforce password complexity by requiring that at least one lower-case character be used. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-020240 - RHEL 8 duplicate User IDs (UIDs) must not exist for interactive users. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-020310 - RHEL 8 must enforce a delay of at least four seconds between logon prompts following a failed logon attempt. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020331 - RHEL 8 must not allow blank or null passwords in the system-auth file. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-030010 - Cron logging must be implemented in RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-030080 - RHEL 8 audit logs must be owned by root to prevent unauthorized read access. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030140 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030150 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030302 - Successful/unsuccessful uses of the mount syscall in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030314 - Successful/unsuccessful uses of setfiles in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030316 - Successful/unsuccessful uses of setsebool in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030350 - Successful/unsuccessful uses of the newgrp command in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030390 - Successful/unsuccessful uses of the delete_module command in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030580 - Successful/unsuccessful uses of the kmod command in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030640 - RHEL 8 audit tools must be group-owned by root. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030650 - RHEL 8 must use cryptographic mechanisms to protect the integrity of audit tools. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030655 - RHEL 8 must audit any script or executable called by cron as root or by any privileged user. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030690 - The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030700 - RHEL 8 must take appropriate action when the internal event queue is full. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030731 - RHEL 8 must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume 75 percent utilization. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030741 - RHEL 8 must disable the chrony daemon from acting as a server. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-030742 - RHEL 8 must disable network management of the chrony daemon. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040002 - RHEL 8 must not have the sendmail package installed. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040020 - RHEL 8 must cover or disable the built-in or attached camera when not in use. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040025 - RHEL 8 must disable mounting of cramfs. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040090 - A RHEL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-040122 - RHEL 8 must mount /dev/shm with the noexec option. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040123 - RHEL 8 must mount /tmp with the nodev option. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040124 - RHEL 8 must mount /tmp with the nosuid option. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040129 - RHEL 8 must mount /var/log/audit with the nodev option. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040131 - RHEL 8 must mount /var/log/audit with the noexec option. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040132 - RHEL 8 must mount /var/tmp with the nodev option. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040133 - RHEL 8 must mount /var/tmp with the nosuid option. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040170 - The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040190 - The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for RHEL 8 operational support. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040209 - RHEL 8 must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040210 - RHEL 8 must prevent IPv6 Internet Control Message Protocol (ICMP) redirect messages from being accepted. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040230 - RHEL 8 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040239 - RHEL 8 must not forward IPv4 source-routed packets. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040240 - RHEL 8 must not forward IPv6 source-routed packets. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040249 - RHEL 8 must not forward IPv4 source-routed packets by default. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040290 - RHEL 8 must be configured to prevent unrestricted mail relaying. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040321 - The graphical display manager must not be the default target on RHEL 8 unless approved. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-211030 - The graphical display manager must not be the default target on RHEL 9 unless approved. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-211035 - RHEL 9 must enable the hardware random number generator entropy gatherer service. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-211055 - RHEL 9 debug-shell systemd service must be disabled. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
