| 1.1.7 Ensure noexec option set on /dev/shm partition | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.1.10 Ensure separate partition exists for /var | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.2.3 Ensure repo_gpgcheck is globally activated | CIS Amazon Linux 2 v4.0.0 L2 Server | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4 Ensure software packages have been digitally signed by a Certificate Authority (CA) | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.3.1 Ensure AIDE is installed | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.4.5 Ensure version 7.2 or newer booted with a BIOS have a unique name for the grub superusers account | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.5.5 Ensure number of concurrent sessions is limited | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.7.8 Ensure the Standard Mandatory DoD Notice and Consent Banner are configured | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.8.9 Ensure session idle-delay settings is enforced | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.8.10 Ensure GNOME Idle activation is set | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.9 Ensure updates, patches, and additional security software are installed | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure ldap client is not installed | CIS Amazon Linux 2 v4.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.3.4 Ensure telnet client is not installed | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2 Ensure ICMP redirects are not accepted | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 3.3.6 Ensure broadcast ICMP requests are ignored | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 3.3.8 Ensure Reverse Path Filtering is enabled | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 4.1.1 Ensure firewalld is installed | CIS Amazon Linux 2 v4.0.0 L2 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.2.13 Ensure off-loaded audit logs are labeled. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.7 Ensure kernel module loading and unloading is collected | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.8 Ensure changes to system administration scope (sudoers) is collected | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.10 Ensure use of privileged commands is collected | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.14 Ensure events that modify user/group information are collected | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.3.20 Ensure audit the umount command | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.29 Ensure audit pam_timestamp_check command | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.30 Ensure audit of the finit_module syscall | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.34 Ensure audit of the setsebool command. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.36 Ensure audit of the userhelper command | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 5.1.8 Ensure cron is restricted to authorized users | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.3.1 Ensure SSH is installed | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.8 Ensure SSH X11 forwarding is disabled | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.3.28 Ensure SSH IgnoreUserKnownHosts is enabled | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.3.33 Ensure SSH uses privilege separation | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.3.34 Ensure SSH compressions setting is delayed | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.4.10 Ensure certificate status checking for PKI authentication | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.5.1.10 Ensure delay between logon prompts on failure | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.5.4 Ensure default user shell timeout is configured | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5.8 Ensure Default user umask is 077 | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.5.9 Ensure local interactive user accounts umask is 077 | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 6.1.1 Audit system file permissions | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 6.2.9 Ensure root is the only UID 0 account | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 6.2.11 Ensure all users' home directories exist | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 6.2.12 Ensure users own their home directories | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 6.2.18 Ensure there are no unnecessary accounts | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 6.2.22 Ensure users' files and directories within the home directory permissions are 750 or more restrictive | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 18.3.6 (L1) Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer' (MS only) | CIS Microsoft Windows Server 2016 v4.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.8.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
