| 1.1.2.4.1 Ensure separate partition exists for /var | CIS Amazon Linux 2 v4.0.0 L2 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 1.1.2.5.1 Ensure separate partition exists for /var/tmp | CIS Amazon Linux 2 v4.0.0 L2 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 1.1.19 Ensure nosuid is set on users' home directories. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.1.26 Ensure all world-writable directories are group-owned. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.2.6 Ensure the version of the operating system is an active vendor supported release | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.4.1.6 Ensure no unconfined services exist | CIS Amazon Linux 2 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.5.7 Ensure kernel core dumps are disabled. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.5.8 Ensure DNS is servers are configured | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.3 Ensure SELinux policy is configured | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.5 Ensure the SELinux mode is enforcing | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.8.2 Ensure Standard Mandatory DoD Notice and Consent Banner displayed via a graphical user logon | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.8.5 Ensure users must authenticate users using MFA via a graphical user logon | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.8.6 Ensure GNOME Screensaver period of inactivity is configured | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.11 Ensure anti-virus is installed and running | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.12 Ensure host-based intrusion detection tool is used | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.1.4 Ensure internal information system clocks are synchronizing | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.8 Ensure FTP Server is not installed | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 2.2.28 Ensure ldap_tls_reqcert is set for LDAP | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 3.3.3 Ensure network interfaces are not in promiscuous mode | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 3.3.3.4 Set 'ip rip authentication key-chain' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.4 Ensure firewalld service enabled and running | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 4.1.2.3 Ensure audit system is set to single when the disk is full. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.5 Ensure system is disabled when audit logs are full | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.6 Ensure audit system action is defined for sending errors | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.9 Ensure audit logs on separate system are encrypted. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.11 Ensure off-load of audit logs. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.12 Ensure action is taken when audisp-remote buffer is full | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.12 Ensure discretionary access control permission modification events are collected | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.15 Ensure all uses of the passwd command are audited. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.16 Ensure auditing of the unix_chkpwd command | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.17 Ensure audit of the gpasswd command | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.18 Ensure audit all uses of chage | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.23 Ensure audit ssh-keysign command. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.33 Ensure audit of semanage command | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 5.3.10 Ensure SSH IgnoreRhosts is enabled | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.3.30 Ensure SSH does not permit GSSAPI | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.4.5 Ensure system-auth is used when changing passwords | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.8 Ensure password expiration is 60 Day maximum for existing passwords | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.7 Ensure multi-factor authentication is enable for users | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6 - Storage Encryption | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 6.2.2.4 Ensure system warns when audit logs are low on space | CIS Amazon Linux 2 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 6.2.3.13 Ensure file deletion events by users are collected | CIS Amazon Linux 2 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.19 Ensure kernel module loading unloading and modification is collected | CIS Amazon Linux 2 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.23 Ensure local interactive users' dot files for are owned by the user or root. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 18.6.8.1 (L1) Ensure 'Enable insecure guest logons' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.8.1 Ensure 'Enable insecure guest logons' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v5.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| AIX7-00-001108 - AIX must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIX7-00-003100 - The AIX SSH daemon must be configured to only use FIPS 140-2 approved ciphers. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| JUEX-L2-000030 - The Juniper layer 2 switch must be configured to disable all dynamic VLAN registration protocols. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010120 - RHEL 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
